diff --git a/internal/configuration/koanf_util.go b/internal/configuration/koanf_util.go
new file mode 100644
index 000000000..d9e816f0e
--- /dev/null
+++ b/internal/configuration/koanf_util.go
@@ -0,0 +1,36 @@
+package configuration
+
+import (
+	"fmt"
+
+	"github.com/knadh/koanf"
+
+	"github.com/authelia/authelia/v4/internal/utils"
+)
+
+func getAllKoanfKeys(ko *koanf.Koanf) (keys []string) {
+	keys = ko.Keys()
+
+	for key, value := range ko.All() {
+		slc, ok := value.([]interface{})
+		if !ok {
+			continue
+		}
+
+		for _, item := range slc {
+			m, mok := item.(map[string]interface{})
+			if !mok {
+				continue
+			}
+
+			for k := range m {
+				full := fmt.Sprintf("%s[].%s", key, k)
+				if !utils.IsStringInSlice(full, keys) {
+					keys = append(keys, full)
+				}
+			}
+		}
+	}
+
+	return keys
+}
diff --git a/internal/configuration/provider.go b/internal/configuration/provider.go
index 7ea0c5281..529329fd7 100644
--- a/internal/configuration/provider.go
+++ b/internal/configuration/provider.go
@@ -36,7 +36,7 @@ func LoadAdvanced(val *schema.StructValidator, path string, result interface{},
 
 	unmarshal(ko, val, path, result)
 
-	return ko.Keys(), nil
+	return getAllKoanfKeys(ko), nil
 }
 
 func unmarshal(ko *koanf.Koanf, val *schema.StructValidator, path string, o interface{}) {
diff --git a/internal/suites/OIDC/configuration.yml b/internal/suites/OIDC/configuration.yml
index a68a82a65..b4d137b17 100644
--- a/internal/suites/OIDC/configuration.yml
+++ b/internal/suites/OIDC/configuration.yml
@@ -91,7 +91,7 @@ identity_providers:
     clients:
       - id: oidc-tester-app
         secret: foobar
-        policy: two_factor
+        authorization_policy: two_factor
         redirect_uris:
           - https://oidc.example.com:8080/oauth2/callback
       # This client is used for testing purpose. As of now, the app must be protected by ACLs
diff --git a/internal/suites/OIDCTraefik/configuration.yml b/internal/suites/OIDCTraefik/configuration.yml
index 11fb3e73d..b26f0c36d 100644
--- a/internal/suites/OIDCTraefik/configuration.yml
+++ b/internal/suites/OIDCTraefik/configuration.yml
@@ -93,7 +93,7 @@ identity_providers:
     clients:
       - id: oidc-tester-app
         secret: foobar
-        policy: two_factor
+        authorization_policy: two_factor
         redirect_uris:
           - https://oidc.example.com:8080/oauth2/callback
       # This client is used for testing purpose. As of now, the app must be protected by ACLs