diff --git a/README.md b/README.md
index 307ab2d..4c448b8 100644
--- a/README.md
+++ b/README.md
@@ -71,12 +71,11 @@ revisions to (instead of deleting them).
 - `abra app deploy <domain> -f`
 - enjoy getting rid of S3 🥳
 
-## Single Sign On with Keycloak
+## Single Sign On with Keycloak/Authentik
 
-`abra app config YOURAPPNAME`, then uncomment everything in the `OIDC_` section.
-
-Create a new client in Keycloak:
-
-- **Valid Redirect URIs**: `https://YOURAPPDOMAIN/auth/oidc.callback`
-
-`abra app deploy YOURAPPDOMAIN`
+- Create an OIDC client in Keycloak (in Authentik this is called a provider and application)
+- Run `abra app config YOURAPPNAME`, then uncomment everything in the `OIDC_` section.
+  - **Valid Redirect URIs**: `https://YOURAPPDOMAIN/auth/oidc.callback`
+  - Reference the client/provider info to populate the `_AUTH_URI` `_TOKEN_URI` and `_USERINFO_URI` values
+- Set the OIDC secret using the value from the client/provider `abra app secret insert YOURAPPNAME oidc_client_secret v1 SECRETVALUE`
+- `abra app deploy YOURAPPDOMAIN`
\ No newline at end of file