diff --git a/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc b/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc index d75e210e76..3e102765bf 100644 --- a/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc +++ b/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc @@ -124,6 +124,12 @@ The name of the HTTP method. + An array of strings with the scopes associated with the method. When you associate scopes with a specific method, the client trying to access a protected resource (or path) must provide an RPT that grants permission to all scopes specified in the list. For example, if you define a method _POST_ with a scope _create_, the RPT must contain a permission granting access to the _create_ scope when performing a POST to the path. + +**** *scopes-enforcement-mode* ++ +A string referencing the enforcement mode for the scopes associated with a method. Values can be *ALL* or *ANY*. If *ALL*, +all defined scopes must be granted in order to access the resource using that method. If *ANY*, at least one scope should be +granted in order to gain access to the resource using that method. By default, enforcement mode is set to *ALL*. ++ *** *enforcement-mode* + Specifies how policies are enforced.
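Review bot: In the added *scopes-enforcement-mode* paragraph, "at least one scope should be granted" reads as a recommendation rather than a rule; because this sentence describes an access decision, use "must be granted" to match the wording of the *ALL* case. The unchanged scopes description directly above still says the client "must provide an RPT that grants permission to all scopes specified in the list", which holds only under the default *ALL* once this option exists, so that sentence should be qualified or should refer to scopes-enforcement-mode. Readers who set *ANY* are loosening the check from every listed scope to any single one, and the text would benefit from saying so explicitly next to the default.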