diff --git a/README.md b/README.md
index 3cd8b04..1c90946 100644
--- a/README.md
+++ b/README.md
@@ -96,7 +96,7 @@ Get the Vault command-line client via [vaultproject.io/downloads](https://www.va
 
 * Optionally [policies/role-cfgmgmt/cfgmgmt.hcl](policies/role-cfgmgmt/cfgmgmt.hcl) gets you started with read-only secrets access for example for a config management tool like Ansible.
 
-    You'll want to create an Ansible entity with an alias, create both a `token` and a `userpass` alias and use the latter one to authenticate against Vault to retrieve a token. You'll likely want a distinct group where your Ansible entity becomes a member and which uses a policy such as the example at [policies/role-cfgmgmt/cfgmgmt.hcl](policies/role-cfgmgmt/cfgmgmt.hcl).
+    You'll want to create an Ansible entity with an alias and create both a `token` and a `userpass` alias. Lastly within the `userpass` auth method create a user of the same name used for both the entity and its aliases and use that user to authenticate against Vault. Retrieve a token. You'll likely want a distinct group where your Ansible entity becomes a member and which uses a policy such as the example at [policies/role-cfgmgmt/cfgmgmt.hcl](policies/role-cfgmgmt/cfgmgmt.hcl).
 
     From here on out it's just more of what you already did, feel free to make this fit your own approach.