diff --git a/internal/servers/controller/handlers/authmethods/authmethod_service.go b/internal/servers/controller/handlers/authmethods/authmethod_service.go
index 7b79cd2bed..9812a6d72b 100644
--- a/internal/servers/controller/handlers/authmethods/authmethod_service.go
+++ b/internal/servers/controller/handlers/authmethods/authmethod_service.go
@@ -239,7 +239,12 @@ func (s Service) UpdateAuthMethod(ctx context.Context, req *pbs.UpdateAuthMethod
 	}
 	u, err := s.updateInRepo(ctx, authResults.Scope.GetId(), req)
 	if err != nil {
-		return nil, err
+		switch {
+		case errors.Match(errors.T(errors.InvalidParameter), err):
+			return nil, handlers.ApiErrorWithCodeAndMessage(codes.InvalidArgument, "Unable to update auth method: %v.", err)
+		default:
+			return nil, err
+		}
 	}
 	u.Scope = authResults.Scope
 	u.AuthorizedActions = authResults.FetchActionSetForId(ctx, u.Id, IdActions[auth.SubtypeFromId(u.Id)]).Strings()
@@ -260,7 +265,12 @@ func (s Service) ChangeState(ctx context.Context, req *pbs.ChangeStateRequest) (
 	}
 	am, err := s.changeStateInRepo(ctx, req)
 	if err != nil {
-		return nil, err
+		switch {
+		case errors.Match(errors.T(errors.InvalidParameter), err):
+			return nil, handlers.ApiErrorWithCodeAndMessage(codes.InvalidArgument, "Unable to change auth method state: %v.", err)
+		default:
+			return nil, err
+		}
 	}
 	am.Scope = authResults.Scope
 	am.AuthorizedActions = authResults.FetchActionSetForId(ctx, am.Id, IdActions[auth.OidcSubtype]).Strings()