diff --git a/process-services/2.4/config/authenticate.md b/process-services/2.4/config/authenticate.md
index 20c5a243f8..b4d9994f82 100644
--- a/process-services/2.4/config/authenticate.md
+++ b/process-services/2.4/config/authenticate.md
@@ -42,8 +42,8 @@ Configure the `activiti-identity-service.properties` file using the below proper
 |keycloak.public-client| *Optional.* The adapter will not send credentials for the client to the Identity Service if this is set to `true`.|
 |keycloak.credentials.secret| *Optional.* The secret key for this client if the access type is not set to `public`.|
 |keycloak.always-refresh-token| *Required.* The token will be refreshed for every request if this is set to `true`.|
-|keycloak.autodetect-bearer-only| *Required.* This should be set to true if your application serves both a web application and web services. It allows for the redirection of unauthorized users of the web application to the Identity Service sign in page, but send a HTTP 401 to unauthenticated SOAP or REST clients.|
-|keycloak.token-store| *Required.* The location of where the account information token is stored. Possible values are `cookie` or `session`. **Note:** If you have Process Services configured with the Identity Service you must use the value `cookie` otherwise upon logging out of Process Services a user will be redirected to an error page, for more see [Run Identity Service with Process Services]({% link identity-service/latest/config/index.md %}#run-identity-service-with-process-services).|
+|keycloak.autodetect-bearer-only| *Required.* This should be set to true if your application serves both a web application and web services. It allows for the redirection of unauthorized users of the web application to the Identity Service sign in page, but send a HTTP 401 to unauthenticated SOAP or REST clients. When setting `keycloak.autodetect-bearer-only` to `true`, the property `keycloak.token-store` needs to be set to `session`.|
+|keycloak.token-store| *Required.* The location of where the account information token is stored. Possible values are `cookie` or `session`. If you want to set `keycloak.token-store` with `cookie`, you will need to set `keycloak.autodetect-bearer-only` to `false`. **Note:** For more see [Run Identity Service with Process Services]({% link identity-service/latest/config/index.md %}#run-identity-service-with-process-services).|
 |keycloak.enable-basic-auth| *Optional.* Whether basic authentication is supported by the adapter. If set to `true` then a secret must also be provided.|
 |activiti.use-browser-based-logout| *Optional.* Sets whether signing out of Process Services calls the Identity Service `logout URL`. If set to `true`, set the **Admin URL** to `https://{server}:{port}/activiti-app/` under the client settings in the Identity Service management console.|
 |activiti.identity-service.cookie-auth-enabled| *Optional.* When set to `true` enables cookie-based authentication that will work alongside the Identity Service authentication.|