diff --git a/manifests/init.pp b/manifests/init.pp
index 48a157cf..5bc5b423 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -552,6 +552,8 @@
 # $server_jolokia_metrics_allowlist:: The allowlist of clients that
 # can query the jolokia /metrics/v2 endpoint
 #
+# $server_jolokia_metrics_policy:: The content of the jolokia-access.xml file for the jolokia metrics endpoint
+#
 # === Usage:
 #
 # * Simple usage:
@@ -753,6 +755,7 @@
 Optional[Stdlib::Absolutepath] $server_versioned_code_content = undef,
 Array[String[1]] $server_jolokia_metrics_allowlist = [],
 Stdlib::Filemode $puppetconf_mode = $puppet::params::puppetconf_mode,
+ Optional[String] $server_jolokia_metrics_policy = undef,
 ) inherits puppet::params {
 contain puppet::config
diff --git a/manifests/server.pp b/manifests/server.pp
index 551a8c38..8e728c59 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -337,6 +337,8 @@
 #
 # $jolokia_metrics_allowlist:: The allowlist of clients that
 # can query the jolokia /metrics/v2 endpoint
+#
+# $jolokia_metrics_policy:: The content of the jolokia-access.xml file for the jolokia metrics endpoint
 class puppet::server (
 Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::autosign,
 Array[String] $autosign_entries = $puppet::autosign_entries,
@@ -458,6 +460,7 @@
 Optional[Stdlib::Absolutepath] $versioned_code_id = $puppet::server_versioned_code_id,
 Optional[Stdlib::Absolutepath] $versioned_code_content = $puppet::server_versioned_code_content,
 Array[String[1]] $jolokia_metrics_allowlist = $puppet::server_jolokia_metrics_allowlist,
+ Optional[String] $jolokia_metrics_policy = $puppet::server_jolokia_metrics_policy,
 ) {
 $cadir = "${puppetserver_dir}/ca"
diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp
index d2b6d2a1..8463b015 100644
--- a/manifests/server/puppetserver.pp
+++ b/manifests/server/puppetserver.pp
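Review bot: The description added at `@@ -552` (and repeated for `$jolokia_metrics_policy` in manifests/server.pp) says the parameter holds "the content of the jolokia-access.xml file", but manifests/server/puppetserver.pp hands the value to the `source` attribute of a `file` resource, which expects a path or URI rather than XML text. Either the comment should read along the lines of `# $server_jolokia_metrics_policy:: Source (absolute path or puppet:/// URI) of the jolokia-access.xml policy file`, or the resource should use `content => $jolokia_metrics_policy`. The declarations at `@@ -753` and `@@ -458` are typed `Optional[String]`, which also admits `''`; an empty string passes the `!= undef` guard and is truthy in the ERB test, so `String[1]` or, for the source reading, `Stdlib::Filesource` would reject it at compile time. Both class bodies continue outside these hunks.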
@@ -144,6 +144,7 @@
 Optional[Stdlib::Absolutepath] $versioned_code_content = $puppet::server::versioned_code_content,
 Boolean $disable_fips = $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8',
 Array[String[1]] $jolokia_metrics_allowlist = $puppet::server::jolokia_metrics_allowlist,
+ Optional[String] $jolokia_metrics_policy = $puppet::server::jolokia_metrics_policy,
 ) {
 include puppet::server
@@ -271,4 +272,11 @@
 ensure => 'file',
 content => template('puppet/server/puppetserver/conf.d/metrics.conf.erb'),
 }
+
+ if $jolokia_metrics_policy != undef {
+ file { '/etc/puppetlabs/puppetserver/jolokia-access.xml' :
+ ensure => file,
+ source => $jolokia_metrics_policy,
+ }
+ }
 }
diff --git a/templates/server/puppetserver/conf.d/metrics.conf.erb b/templates/server/puppetserver/conf.d/metrics.conf.erb
index e1f33085..725c960a 100644
--- a/templates/server/puppetserver/conf.d/metrics.conf.erb
+++ b/templates/server/puppetserver/conf.d/metrics.conf.erb
@@ -56,7 +56,11 @@ metrics: {
 servlet-init-params: {
 # Specify a custom security policy:
 # https://jolokia.org/reference/html/security.html
+<% if @jolokia_metrics_policy -%>
+ policyLocation: "file:///etc/puppetlabs/puppetserver/jolokia-access.xml"
+<%- else -%>
 # policyLocation: "file:///etc/puppetlabs/puppetserver/jolokia-access.xml"
+<% end -%>
 }
 }
 }
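Review bot: The `file` resource added at `@@ -271` manages the access policy for the Jolokia metrics endpoint but sets no `owner`, `group` or `mode`, so its permissions depend on resource defaults that are not visible here; an access-control file is worth pinning explicitly, e.g. root-owned with `mode => '0644',`, so that only root can alter the policy. Nothing in the hunk shows the puppetserver service being refreshed when the policy changes; if the class does not already arrange that through a class-level relationship, a policy edit would stay inactive until the next restart. When the parameter goes back to `undef` the resource simply drops out of the catalog and the old file stays on disk; an `else` branch with `ensure => absent` would remove it.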
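Review bot: The policy path is now a literal in two places, the `file` title in manifests/server/puppetserver.pp and `policyLocation` in this template, and the template only tests whether `@jolokia_metrics_policy` is set. If the two strings ever diverge, `policyLocation` points at a file Puppet does not manage; holding the path in one variable and rendering it as `policyLocation: "file://<%= @jolokia_policy_path %>"` (variable name illustrative) keeps them in step. As a style point, `<%- else -%>` carries a leading trim marker while the `if` and `end` tags do not; at column 0 it changes nothing, so `<% else -%>` would match the other two.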