diff --git a/docs/source/gssapi.rst b/docs/source/gssapi.rst
index 75173f92..7c99fd49 100644
--- a/docs/source/gssapi.rst
+++ b/docs/source/gssapi.rst
@@ -65,6 +65,34 @@ imported in the high-level API :mod:`gssapi` module:
 .. autoclass:: gssapi.RequirementFlag
     :show-inheritance:
 
+The ``ok_as_delegate`` flag corresponds to the C level flag
+``GSS_C_DELEG_POLICY_FLAG``. This flag is similar to ``delegate_to_peer``
+except it only delegates if the KDC delegation policies for the service
+principal allow it to use delegation. This is typically used on Microsoft
+domain environments to control whether constrained or unconstrained delegation
+is allowed for a service principal. By setting this flag, the delegation
+process follows the same behaviour as delegation on SSPI/Windows.
+
+Here are the four cases when either of these flags are set or not.
+
+Neither flag set
+   No delegation occurs.
+
+delegate_to_peer
+   Always try to delegate regardless of the KDC delegation policies.
+   ``delegate_to_peer`` is set in the return flags if successful.
+
+ok_as_delegate
+   Try to delegate but only if the KDC trusts the service principal for
+   delegation. ``delegate_to_peer`` and ``ok_as_delegate`` are set in the
+   return flags if successful.
+
+delegate_to_peer | ok_as_delegate
+   Acts like ``delegate_to_peer`` being set but will also set
+   ``ok_as_delegate`` in the return flags if the service principal was trusted
+   for delegation by the KDC.
+
+
 .. autoclass:: gssapi.AddressType
     :show-inheritance:
 
diff --git a/gssapi/raw/cython_types.pxd b/gssapi/raw/cython_types.pxd
index 987c922d..1af03d7c 100644
--- a/gssapi/raw/cython_types.pxd
+++ b/gssapi/raw/cython_types.pxd
@@ -105,6 +105,7 @@ cdef extern from "python_gssapi.h":
     OM_uint32 GSS_C_ANON_FLAG
     OM_uint32 GSS_C_TRANS_FLAG
     OM_uint32 GSS_C_PROT_READY_FLAG
+    OM_uint32 GSS_C_DELEG_POLICY_FLAG
 
     # address types
     OM_uint32 GSS_C_AF_UNSPEC
diff --git a/gssapi/raw/types.pyx b/gssapi/raw/types.pyx
index 68d6af12..5a2ca053 100644
--- a/gssapi/raw/types.pyx
+++ b/gssapi/raw/types.pyx
@@ -60,6 +60,7 @@ class RequirementFlag(IntEnum, metaclass=ExtendableEnum):
     anonymity = GSS_C_ANON_FLAG
     protection_ready = GSS_C_PROT_READY_FLAG
     transferable = GSS_C_TRANS_FLAG
+    ok_as_delegate = GSS_C_DELEG_POLICY_FLAG
 
 
 class AddressType(IntEnum, metaclass=ExtendableEnum):