diff --git a/server_admin/topics/authentication/password-policies.adoc b/server_admin/topics/authentication/password-policies.adoc index dad4eb654e..6beb175f81 100644 --- a/server_admin/topics/authentication/password-policies.adoc +++ b/server_admin/topics/authentication/password-policies.adoc @@ -63,3 +63,10 @@ Expire Password:: Not Recently Used:: This policy saves a history of previous passwords. The number of old passwords stored is configurable. When a user changes their password they cannot use any stored passwords. +Password Blacklist:: + This policy checks if a given password is contained in a blacklist file, which is potentially a very large file. + Password blacklists are UTF-8 plain-text files with Unix line endings where every line represents a blacklisted password. + The file name of the blacklist file must be provided as the password policy value, e.g. `10_million_password_list_top_1000000.txt`. + Blacklist files are resolved against `${jboss.server.data.dir}/password-blacklists/` by default. + This path can be customized via the `keycloak.password.blacklists.path` system property, + or the `blacklistsPath` property of the `passwordBlacklist` policy SPI configuration.
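Review bot: The last two added lines of the Password Blacklist entry give two ways to change the blacklist directory (the `keycloak.password.blacklists.path` system property and the `blacklistsPath` property of the `passwordBlacklist` SPI configuration) without saying which one wins when both are set; state the precedence explicitly. The entry also leaves out what an administrator needs in order to rely on the policy: what happens when the file named in the policy value does not exist under the resolved directory, and whether a password must match a line exactly (case and surrounding whitespace included) to be rejected. "Potentially a very large file" would be more useful if it said what that size implies for the server, or else dropped the remark. Since the policy value is described as a file name resolved against a fixed directory, it is worth adding one sentence saying that it is a bare file name and not a path.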