diff --git a/authority/config.go b/authority/config.go
index 812a1db4..8cc742e4 100644
--- a/authority/config.go
+++ b/authority/config.go
@@ -76,9 +76,6 @@ func (c *AuthConfig) Validate(audiences provisioner.Audiences) error {
 	if c == nil {
 		return errors.New("authority cannot be undefined")
 	}
-	if len(c.Provisioners) == 0 {
-		return errors.New("authority.provisioners cannot be empty")
-	}
 
 	// Check that only one K8sSA is enabled
 	var k8sCount int
diff --git a/authority/config_test.go b/authority/config_test.go
index eb5e7a5a..40ae639b 100644
--- a/authority/config_test.go
+++ b/authority/config_test.go
@@ -255,12 +255,6 @@ func TestAuthConfigValidate(t *testing.T) {
 				err: errors.New("authority cannot be undefined"),
 			}
 		},
-		"fail-empty-provisioners": func(t *testing.T) AuthConfigValidateTest {
-			return AuthConfigValidateTest{
-				ac:  &AuthConfig{},
-				err: errors.New("authority.provisioners cannot be empty"),
-			}
-		},
 		"fail-invalid-provisioners": func(t *testing.T) AuthConfigValidateTest {
 			return AuthConfigValidateTest{
 				ac: &AuthConfig{
@@ -283,6 +277,12 @@ func TestAuthConfigValidate(t *testing.T) {
 				err: errors.New("claims: MinTLSCertDuration must be greater than 0"),
 			}
 		},
+		"ok-empty-provisioners": func(t *testing.T) AuthConfigValidateTest {
+			return AuthConfigValidateTest{
+				ac:     &AuthConfig{},
+				asn1dn: x509util.ASN1DN{},
+			}
+		},
 		"ok-empty-asn1dn-template": func(t *testing.T) AuthConfigValidateTest {
 			return AuthConfigValidateTest{
 				ac: &AuthConfig{