diff --git a/docs/modules/ROOT/pages/references/architecture/single_sign_on.adoc b/docs/modules/ROOT/pages/references/architecture/single_sign_on.adoc
index fc8fd349..8c7bedde 100644
--- a/docs/modules/ROOT/pages/references/architecture/single_sign_on.adoc
+++ b/docs/modules/ROOT/pages/references/architecture/single_sign_on.adoc
@@ -2,8 +2,8 @@
 
 == Problem Statement
 
-Our current log in system, based on LDAP has security issues.
-It doesn't allow for 2FA, and we enter our password in a lot of different masks, that could in theory be compromised.
+Our current log in system, which is based on LDAP, has security issues.
+It doesn't allow for 2FA, and we enter our password in a lot of different masks that could be compromised.
 
 We use Keycloak as the SSO solution for internal services and want to use it for customer clusters as well.
 Keycloak uses `Clients` to represent applications that can be logged into.
@@ -99,7 +99,7 @@ This config map is managed by `component-steward` and new facts can be added thr
 parameters:
   steward:
     additionalFacts:
-      vshnLdapServiceId: "{vshnLdap:serviceId}"
+      vshnLdapServiceId: "${vshnLdap:serviceId}"
 ----
 
 === The controller maps LDAP groups to local client roles