diff --git a/server/config/authentik/README.md b/server/config/authentik/README.md
index bf27571..ba923a1 100644
--- a/server/config/authentik/README.md
+++ b/server/config/authentik/README.md
@@ -70,16 +70,17 @@ labels:
       - traefik.http.routers.<service>-auth.service=http://authentik-server:9000/outpost.goauthentik.io
 ```
 
-2. In the Authentik admin interface, navigate to *Applications --> Providers* and create a new provider. 
-    2a. Select type Proxy Provider. 
-    2b. Set the name to the name of the service (e.g. Sonarr). 
-    2c. Use the `default-provider-authorization-implicit-consent` Authorization flow. 
-    2d. Select the "Forward auth (single application)" configuration.
-    2e. For External host, use the value of the host rule label prepended with `https://` (e.g. `https://sonarr.jafner.net`).
-    2f. Leave the rest of the configuration as default. Click Finish to create the provider.
-3. In the Authentik admin interface, navigate to *Applications --> Applications* and create a new application. 
-    2a. Set the Name to the name of the service (e.g. Sonarr).
-    2b. Set the Slug to a URL-compliant version of the Name (e.g. `sonarr`)
-    2c. Set the Group if the service is part of a *group of services) (e.g. autopirate).
-    2d. Use the provider created in step 2 as Provider.
-    2e. Leave the rest of the configuration as default. Click Create to create the application. 
\ No newline at end of file
+2. In the Authentik admin interface, navigate to *Applications --> Providers* and create a new provider.  
+    2a. Select type Proxy Provider.   
+    2b. Set the name to the name of the service (e.g. Sonarr).  
+    2c. Use the `default-provider-authorization-implicit-consent` Authorization flow.  
+    2d. Select the "Forward auth (single application)" configuration.  
+    2e. For External host, use the value of the host rule label prepended with `https://` (e.g. `https://sonarr.jafner.net`).  
+    2f. Leave the rest of the configuration as default. Click Finish to create the provider.  
+3. In the Authentik admin interface, navigate to *Applications --> Applications* and create a new application.  
+    2a. Set the Name to the name of the service (e.g. Sonarr).  
+    2b. Set the Slug to a URL-compliant version of the Name (e.g. `sonarr`).  
+    2c. Set the Group if the service is part of a *group of services) (e.g. autopirate).  
+    2d. Use the provider created in step 2 as Provider.  
+    2e. Set the Policy engine mode to ALL.  
+    2f. Leave the rest of the configuration as default. Click Create to create the application.  
\ No newline at end of file