diff --git a/ansible/roles/authentik/tasks/invitation.yml b/ansible/roles/authentik/tasks/invitation.yml
index 68e2511..b8be078 100644
--- a/ansible/roles/authentik/tasks/invitation.yml
+++ b/ansible/roles/authentik/tasks/invitation.yml
@@ -93,19 +93,20 @@
 Verification: {{ enrollment_flow_check.stdout | default('{}') }}
 Features:
- - Public self-registration enabled
- - Invitation token support
+ - Invitation-only enrollment (requires valid invitation token)
 - User prompts: username, name, email, password
 - Automatic user creation and login
- - Set as default enrollment flow in brand
- Note: Authentik applies blueprints asynchronously.
- Changes should be visible within 1-2 minutes.
+ Note: Brand enrollment flow is NOT auto-configured (API restriction).
+ Flow is accessible via direct URL even without brand configuration.
- To verify manually:
+ To use enrollment:
+ 1. Create invitation: Directory > Invitations > Create Invitation
+ 2. Share invitation link: https://{{ authentik_domain }}/if/flow/default-enrollment-flow/?itoken=TOKEN
+
+ To verify:
 - Login to https://{{ authentik_domain }}
 - Check Admin > Flows for "default-enrollment-flow"
- - Check Admin > System > Brands > Flow enrollment
- - Test enrollment at: https://{{ authentik_domain }}/if/flow/default-enrollment-flow/
+ - Test enrollment URL: https://{{ authentik_domain }}/if/flow/default-enrollment-flow/
 ========================================
 when: api_result.status is defined and api_result.status == 200
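Review bot: The new message claims "Invitation-only enrollment (requires valid invitation token)", but the last "To verify" item still points at the enrollment URL without `?itoken=` and does not say what result the operator should expect. Because the message also says the flow is reachable by direct URL, the useful check is a negative one, e.g. `- Open the enrollment URL without ?itoken= and confirm enrollment is refused`. Whether it is refused depends on the invitation stage's `continue_flow_without_invitation` setting in the blueprint, which is not visible in this hunk, so the "invitation-only" claim cannot be confirmed from here. Step 1 could also tell the operator to set an expiry and single-use on the invitation, since the token is shared inside a URL. The task this message belongs to starts above the hunk.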