diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/support/mapper/ExpressionRoleMapping.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/support/mapper/ExpressionRoleMapping.java
index 097c72ec799..4da46b90de3 100644
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/support/mapper/ExpressionRoleMapping.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/support/mapper/ExpressionRoleMapping.java
@@ -38,6 +38,11 @@ public class ExpressionRoleMapping implements ToXContentObject, Writeable {
 
     private static final ObjectParser<Builder, String> PARSER = new ObjectParser<>("role-mapping", Builder::new);
 
+    /**
+     * The Upgrade API added a 'type' field when converting from 5 to 6.
+     * We don't use it, but we need to skip it if it exists.
+     */
+    private static final String UPGRADE_API_TYPE_FIELD = "type";
 
     static {
         PARSER.declareStringArray(Builder::roles, Fields.ROLES);
@@ -46,8 +51,9 @@ public class ExpressionRoleMapping implements ToXContentObject, Writeable {
         PARSER.declareBoolean(Builder::enabled, Fields.ENABLED);
         BiConsumer<Builder, String> ignored = (b, v) -> {
         };
-        // skip the doc_type field in case we're parsing directly from the index
+        // skip the doc_type and type fields in case we're parsing directly from the index
         PARSER.declareString(ignored, new ParseField(NativeRoleMappingStore.DOC_TYPE_FIELD));
+        PARSER.declareString(ignored, new ParseField(UPGRADE_API_TYPE_FIELD));
         }
 
     private final String name;
diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/support/mapper/ExpressionRoleMappingTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/support/mapper/ExpressionRoleMappingTests.java
index 0d557074b9e..a51c5b4e99e 100644
--- a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/support/mapper/ExpressionRoleMappingTests.java
+++ b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/support/mapper/ExpressionRoleMappingTests.java
@@ -40,6 +40,7 @@ import org.hamcrest.Matchers;
 import org.junit.Before;
 import org.mockito.Mockito;
 
+import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.instanceOf;
@@ -118,6 +119,20 @@ public class ExpressionRoleMappingTests extends ESTestCase {
         assertThat(ex.getMessage(), containsString("disabled"));
     }
 
+    public void testParsingIgnoresTypeFields() throws Exception {
+        String json = "{"
+                + "\"enabled\": true, "
+                + "\"roles\": [  \"kibana_user\", \"sales\" ], "
+                + "\"rules\": "
+                + "    { \"field\": { \"dn\" : \"*,ou=sales,dc=example,dc=com\" } }, "
+                + "\"doc_type\": \"role-mapping\", "
+                + "\"type\": \"doc\""
+                + "}";
+        final ExpressionRoleMapping mapping = parse(json, "from_index");
+        assertThat(mapping.isEnabled(), equalTo(true));
+        assertThat(mapping.getRoles(), containsInAnyOrder("kibana_user", "sales"));
+    }
+
     private ExpressionRoleMapping parse(String json, String name) throws IOException {
         final NamedXContentRegistry registry = NamedXContentRegistry.EMPTY;
         final XContentParser parser = XContentType.JSON.xContent().createParser(registry, json);