diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 37f0e5e094..ae42d50602 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -17,6 +17,7 @@ import (
 	"github.com/hashicorp/boundary/internal/servers/controller/common"
 	"github.com/hashicorp/boundary/internal/servers/controller/handlers"
 	"github.com/hashicorp/boundary/internal/types/action"
+	"github.com/hashicorp/boundary/internal/types/resource"
 	"github.com/hashicorp/boundary/internal/types/scope"
 	"github.com/hashicorp/boundary/sdk/recovery"
 	"github.com/hashicorp/go-hclog"
@@ -143,6 +144,10 @@ func Verify(ctx context.Context, opt ...Option) (ret VerifyResults) {
 		Pin:     opts.withPin,
 		Type:    opts.withType,
 	}
+	// Global scope has no parent ID; account for this
+	if opts.withId == scope.Global.String() && opts.withType == resource.Scope {
+		v.res.ScopeId = scope.Global.String()
+	}
 
 	if v.requestInfo.EncryptedToken != "" {
 		v.decryptToken()
diff --git a/internal/cmd/commands/scopes/scope.go b/internal/cmd/commands/scopes/scope.go
index 8b3633d880..b39d5dfb85 100644
--- a/internal/cmd/commands/scopes/scope.go
+++ b/internal/cmd/commands/scopes/scope.go
@@ -117,7 +117,9 @@ func (c *Command) Run(args []string) int {
 		opts = append(opts, scopes.WithDescription(c.FlagDescription))
 	}
 
-	opts = append(opts, scopes.WithSkipRoleCreation(c.flagSkipRoleCreation))
+	if c.flagSkipRoleCreation {
+		opts = append(opts, scopes.WithSkipRoleCreation(c.flagSkipRoleCreation))
+	}
 
 	scopeClient := scopes.NewClient(client)