diff --git a/docs/howto/configure/auth-management.md b/docs/howto/configure/auth-management.md
index 3c92a79057..0d7f862dfd 100644
--- a/docs/howto/configure/auth-management.md
+++ b/docs/howto/configure/auth-management.md
@@ -186,6 +186,18 @@ There are also some steps that a Community Representative will need to take to s
 
     When authenticating against a GitHub Team, we are required to use the `read:org` scope as the GitHub OAuth App needs to know which teams belong to the organisation as well as the members of the specified team.
     ```
+    
+    ````{note}
+    Allowing access to a specific GitHub team, let's say `ORG_NAME:TEAM_NAME`, doesn't mean that the users that are only members of the TEAM_NAME sub-teams, e.g. ORG_NAME:TEAM_NAME:SUB_TEAM_NAME`, will get access too.
+    
+    Instead, each sub-team must be explicitly added to the `allowed_organizations` list:
+    ```yaml
+    allowed_organizations:
+        - ORG_NAME:TEAM_NAME
+        - ORG_NAME:SUB_TEAM_NAME
+    ```
+    
+    ````
 
 6. Run the deployer as normal to apply the config.