diff --git a/pkg/cluster/deploybaseresources_additional.go b/pkg/cluster/deploybaseresources_additional.go
index cb970cfca42..c35f0f1f171 100644
--- a/pkg/cluster/deploybaseresources_additional.go
+++ b/pkg/cluster/deploybaseresources_additional.go
@@ -208,11 +208,13 @@ func (m *manager) storageAccount(name, region string, ocpSubnets []string, encry
 	}
 
 	// For Workload Identity Cluster disable shared access keys, only User Delegated SAS are allowed
-	if m.doc.OpenShiftCluster.UsesWorkloadIdentity() && setSasPolicy {
+	if m.doc.OpenShiftCluster.UsesWorkloadIdentity() {
 		sa.AllowSharedKeyAccess = to.BoolPtr(false)
-		sa.SasPolicy = &mgmtstorage.SasPolicy{
-			SasExpirationPeriod: to.StringPtr("0.01:00:00"),
-			ExpirationAction:    to.StringPtr("Log"),
+		if setSasPolicy {
+			sa.SasPolicy = &mgmtstorage.SasPolicy{
+				SasExpirationPeriod: to.StringPtr("0.01:00:00"),
+				ExpirationAction:    to.StringPtr("Log"),
+			}
 		}
 	}