diff --git a/README.md b/README.md
index 9e62332c3a9e5b8eaa990a6936ab22c976a46e8e..05f9e0c22f5b698b8b469f6cb88df9de387d2796 100644
--- a/README.md
+++ b/README.md
@@ -156,7 +156,7 @@ auth {
 | Provider |       Option | Notes                                                                                                                                  |
 |---------:|-------------:|----------------------------------------------------------------------------------------------------------------------------------------|
 | Google   |       domain | If this is unset then you must whitelist individual email addresses using `users_whitelist`.                                           |
-| Github   | organization | If this is unset then any GitHub user can obtain a token. The oauth client and secrets should be issued by the specified organization. |
+| Github   | organization | If this is unset then you must whitelist individual users using `users_whitelist`. The oauth client and secrets should be issued by the specified organization. |
 
 Supported options: