diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index ab36cbb6a3..3ac94c6876 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -207,12 +207,6 @@
 "identity:delete_mapping": "rule:cloud_admin",
 "identity:update_mapping": "rule:cloud_admin",
 
- "identity:create_service_provider": "rule:cloud_admin",
- "identity:list_service_providers": "rule:cloud_admin",
- "identity:get_service_provider": "rule:cloud_admin",
- "identity:update_service_provider": "rule:cloud_admin",
- "identity:delete_service_provider": "rule:cloud_admin",
-
 "identity:get_auth_catalog": "",
 "identity:get_auth_projects": "",
 "identity:get_auth_domains": "",
diff --git a/keystone/tests/unit/test_policy.py b/keystone/tests/unit/test_policy.py
index 63f6f1aa25..d2d7ea038c 100644
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
@@ -190,7 +190,12 @@ class PolicyJsonTestCase(unit.TestCase):
 'identity:get_registered_limit',
 'identity:list_registered_limits',
 'identity:update_registered_limit',
- 'identity:delete_registered_limit'
+ 'identity:delete_registered_limit',
+ 'identity:create_service_provider',
+ 'identity:get_service_provider',
+ 'identity:list_service_providers',
+ 'identity:update_service_provider',
+ 'identity:delete_service_provider'
 ]
 policy_keys = self._get_default_policy_rules()
 for p in removed_policies:
diff --git a/releasenotes/notes/bug-1804520-d124599967923052.yaml b/releasenotes/notes/bug-1804520-d124599967923052.yaml
new file mode 100644
index 0000000000..c21f352e55
--- /dev/null
+++ b/releasenotes/notes/bug-1804520-d124599967923052.yaml
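Review bot: In keystone/tests/unit/test_policy.py the five service provider names are appended to `removed_policies` with nothing recording why they are exempt, and the list is now long enough that the reason for each group is hard to recover. I would add a comment above the new entries, e.g. `# service provider policies dropped from policy.v3cloudsample.json (bug 1804520); in-code defaults apply`. Because the sample file no longer pins these five rules to `rule:cloud_admin`, access to the service provider API rests on the in-code defaults alone, so it is worth confirming those defaults have their own enforcement tests; none are visible on this page. The test method holding the list starts and ends outside the hunk.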
@@ -0,0 +1,13 @@
+---
+upgrade:
+ - |
+ [`bug 1804520 `_]
+ The federated service provider policies defined in ``policy.v3cloudsample.json``
+ have been removed. These policies are now obsolete after incorporating
+ system-scope into the service provider API and implementing default roles.
+fixes:
+ - |
+ [`bug 1804520 `_]
+ The federated service provider policies in ``policy.v3cloudsample.json`` policy file
+ have been removed in favor of better defaults in code. These policies
+ weren't tested exhaustively and were misleading to users and operators.