diff --git a/pkg/services/accesscontrol/resourcepermissions/api.go b/pkg/services/accesscontrol/resourcepermissions/api.go
index 9b433b0c505..95db0372e8a 100644
--- a/pkg/services/accesscontrol/resourcepermissions/api.go
+++ b/pkg/services/accesscontrol/resourcepermissions/api.go
@@ -137,13 +137,14 @@ type getResourcePermissionsResponse []resourcePermissionDTO
 // Responses:
 // 200: getResourcePermissionsResponse
 // 403: forbiddenError
+// 404: notFoundError
 // 500: internalServerError
 func (a *api) getPermissions(c *contextmodel.ReqContext) response.Response {
 	resourceID := web.Params(c.Req)[":resourceID"]
 
 	permissions, err := a.service.GetPermissions(c.Req.Context(), c.SignedInUser, resourceID)
 	if err != nil {
-		return response.Error(http.StatusInternalServerError, "failed to get permissions", err)
+		return response.ErrOrFallback(http.StatusInternalServerError, "failed to get permissions", err)
 	}
 
 	if a.service.options.Assignments.BuiltInRoles && !a.service.license.FeatureEnabled("accesscontrol.enforcement") {
@@ -223,6 +224,7 @@ type SetResourcePermissionsForUserParams struct {
 // 200: okResponse
 // 400: badRequestError
 // 403: forbiddenError
+// 404: notFoundError
 // 500: internalServerError
 func (a *api) setUserPermission(c *contextmodel.ReqContext) response.Response {
 	userID, err := strconv.ParseInt(web.Params(c.Req)[":userID"], 10, 64)
@@ -238,7 +240,7 @@ func (a *api) setUserPermission(c *contextmodel.ReqContext) response.Response {
 
 	_, err = a.service.SetUserPermission(c.Req.Context(), c.SignedInUser.GetOrgID(), accesscontrol.User{ID: userID}, resourceID, cmd.Permission)
 	if err != nil {
-		return response.Error(http.StatusBadRequest, "failed to set user permission", err)
+		return response.ErrOrFallback(http.StatusBadRequest, "failed to set user permission", err)
 	}
 
 	return permissionSetResponse(cmd)
@@ -275,6 +277,7 @@ type SetResourcePermissionsForTeamParams struct {
 // 200: okResponse
 // 400: badRequestError
 // 403: forbiddenError
+// 404: notFoundError
 // 500: internalServerError
 func (a *api) setTeamPermission(c *contextmodel.ReqContext) response.Response {
 	teamID, err := strconv.ParseInt(web.Params(c.Req)[":teamID"], 10, 64)
@@ -290,7 +293,7 @@ func (a *api) setTeamPermission(c *contextmodel.ReqContext) response.Response {
 
 	_, err = a.service.SetTeamPermission(c.Req.Context(), c.SignedInUser.GetOrgID(), teamID, resourceID, cmd.Permission)
 	if err != nil {
-		return response.Error(http.StatusBadRequest, "failed to set team permission", err)
+		return response.ErrOrFallback(http.StatusBadRequest, "failed to set team permission", err)
 	}
 
 	return permissionSetResponse(cmd)
@@ -327,6 +330,7 @@ type SetResourcePermissionsForBuiltInRoleParams struct {
 // 200: okResponse
 // 400: badRequestError
 // 403: forbiddenError
+// 404: notFoundError
 // 500: internalServerError
 func (a *api) setBuiltinRolePermission(c *contextmodel.ReqContext) response.Response {
 	builtInRole := web.Params(c.Req)[":builtInRole"]
@@ -339,7 +343,7 @@ func (a *api) setBuiltinRolePermission(c *contextmodel.ReqContext) response.Resp
 
 	_, err := a.service.SetBuiltInRolePermission(c.Req.Context(), c.SignedInUser.GetOrgID(), builtInRole, resourceID, cmd.Permission)
 	if err != nil {
-		return response.Error(http.StatusBadRequest, "failed to set role permission", err)
+		return response.ErrOrFallback(http.StatusBadRequest, "failed to set role permission", err)
 	}
 
 	return permissionSetResponse(cmd)
@@ -372,6 +376,7 @@ type SetResourcePermissionsParams struct {
 // 200: okResponse
 // 400: badRequestError
 // 403: forbiddenError
+// 404: notFoundError
 // 500: internalServerError
 func (a *api) setPermissions(c *contextmodel.ReqContext) response.Response {
 	resourceID := web.Params(c.Req)[":resourceID"]
@@ -383,7 +388,7 @@ func (a *api) setPermissions(c *contextmodel.ReqContext) response.Response {
 
 	_, err := a.service.SetPermissions(c.Req.Context(), c.SignedInUser.GetOrgID(), resourceID, cmd.Permissions...)
 	if err != nil {
-		return response.Error(http.StatusBadRequest, "failed to set permissions", err)
+		return response.ErrOrFallback(http.StatusBadRequest, "failed to set permission", err)
 	}
 
 	return response.Success("Permissions updated")
diff --git a/pkg/services/dashboards/accesscontrol.go b/pkg/services/dashboards/accesscontrol.go
index e3e933aa6c6..e8ec7661b35 100644
--- a/pkg/services/dashboards/accesscontrol.go
+++ b/pkg/services/dashboards/accesscontrol.go
@@ -2,6 +2,7 @@ package dashboards
 
 import (
 	"context"
+	"errors"
 	"strings"
 
 	"github.com/grafana/grafana/pkg/infra/metrics"
@@ -212,6 +213,9 @@ func GetInheritedScopes(ctx context.Context, orgID int64, folderUID string, fold
 	})
 
 	if err != nil {
+		if errors.Is(err, folder.ErrFolderNotFound) {
+			return nil, err
+		}
 		return nil, ac.ErrInternal.Errorf("could not retrieve folder parents: %w", err)
 	}
 
diff --git a/pkg/services/folder/folderimpl/sqlstore.go b/pkg/services/folder/folderimpl/sqlstore.go
index 7f291b267b6..512accdd93a 100644
--- a/pkg/services/folder/folderimpl/sqlstore.go
+++ b/pkg/services/folder/folderimpl/sqlstore.go
@@ -245,7 +245,7 @@ func (ss *sqlStore) GetParents(ctx context.Context, q folder.GetParentsQuery) ([
 	if len(folders) < 1 {
 		// the query is expected to return at least the same folder
 		// if it's empty it means that the folder does not exist
-		return nil, folder.ErrFolderNotFound
+		return nil, folder.ErrFolderNotFound.Errorf("folder not found")
 	}
 
 	return util.Reverse(folders[1:]), nil
@@ -308,7 +308,7 @@ func (ss *sqlStore) getParentsMySQL(ctx context.Context, q folder.GetParentsQuer
 			return err
 		}
 		if !ok {
-			return folder.ErrFolderNotFound
+			return folder.ErrFolderNotFound.Errorf("folder not found")
 		}
 		for {
 			f := &folder.Folder{}
diff --git a/public/api-enterprise-spec.json b/public/api-enterprise-spec.json
index 3a1788e437e..9f2f0d7e37c 100644
--- a/public/api-enterprise-spec.json
+++ b/public/api-enterprise-spec.json
@@ -8994,6 +8994,12 @@
         "$ref": "#/definitions/RoleDTO"
       }
     },
+    "getSSOSettingsResponse": {
+      "description": "",
+      "schema": {
+        "$ref": "#/definitions/SSOSettings"
+      }
+    },
     "getSharingOptionsResponse": {
       "description": "",
       "schema": {
@@ -9172,6 +9178,15 @@
         }
       }
     },
+    "listSSOSettingsResponse": {
+      "description": "",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/SSOSettings"
+        }
+      }
+    },
     "listSortOptionsResponse": {
       "description": "",
       "schema": {
diff --git a/public/api-merged.json b/public/api-merged.json
index 2120a49820f..5501bb68eee 100644
--- a/public/api-merged.json
+++ b/public/api-merged.json
@@ -765,6 +765,9 @@
           "403": {
             "$ref": "#/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/responses/internalServerError"
           }
@@ -809,6 +812,9 @@
           "403": {
             "$ref": "#/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/responses/internalServerError"
           }
@@ -861,6 +867,9 @@
           "403": {
             "$ref": "#/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/responses/internalServerError"
           }
@@ -914,6 +923,9 @@
           "403": {
             "$ref": "#/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/responses/internalServerError"
           }
@@ -967,6 +979,9 @@
           "403": {
             "$ref": "#/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/responses/internalServerError"
           }
diff --git a/public/openapi3.json b/public/openapi3.json
index 32fc629e6fc..a57e9fe0dac 100644
--- a/public/openapi3.json
+++ b/public/openapi3.json
@@ -13492,6 +13492,9 @@
           "403": {
             "$ref": "#/components/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/components/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/components/responses/internalServerError"
           }
@@ -13543,6 +13546,9 @@
           "403": {
             "$ref": "#/components/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/components/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/components/responses/internalServerError"
           }
@@ -13604,6 +13610,9 @@
           "403": {
             "$ref": "#/components/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/components/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/components/responses/internalServerError"
           }
@@ -13666,6 +13675,9 @@
           "403": {
             "$ref": "#/components/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/components/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/components/responses/internalServerError"
           }
@@ -13728,6 +13740,9 @@
           "403": {
             "$ref": "#/components/responses/forbiddenError"
           },
+          "404": {
+            "$ref": "#/components/responses/notFoundError"
+          },
           "500": {
             "$ref": "#/components/responses/internalServerError"
           }