diff --git a/management/server/http/middleware/access_control.go b/management/server/http/middleware/access_control.go
index fc362ea80..434f2f644 100644
--- a/management/server/http/middleware/access_control.go
+++ b/management/server/http/middleware/access_control.go
@@ -41,6 +41,7 @@ func (a *AccessControl) Handler(h http.Handler) http.Handler {
 
 		user, err := a.getUser(claims)
 		if err != nil {
+			log.Errorf("failed to get user from claims: %s", err)
 			util.WriteError(status.Errorf(status.Unauthorized, "invalid JWT"), w)
 			return
 		}