diff --git a/modules/assign-role-to-user-or-group.adoc b/modules/assign-role-to-user-or-group.adoc
index 0dd3c58bb62c..b42e1b88cf77 100644
--- a/modules/assign-role-to-user-or-group.adoc
+++ b/modules/assign-role-to-user-or-group.adoc
@@ -12,9 +12,9 @@ You can use the {product-title-short} portal to assign roles to a user or a grou
 . From the list of authentication providers, select the authentication provider.
 . Click *Edit minimum role and rules*.
 . Under the *Rules* section, click *Add new rule*.
-. For *Key*, select one of the values from `userid`, `name`, `email` or `group`.
-. For *Value*, enter the value of the user ID, name, email address or group based on the key you selected.
-. Click the *Role* drop-down menu and select the role you want to assign.
+. For *Key*, select one of the values from `userid`, `name`, `email`, or `groups`. The available choices depend on the authentication provider.
+. For *Value*, enter the value of the user ID, name, email address, or group based on the key you selected. For example, to assign the `Analyst` role to a user by email, after selecting `email` for the *Key* field, enter the email address of the user.
+. Click the *Role* drop-down menu and select the role you want to assign. For example, to assign the `Analyst` role to a user whose email you have entered, select `Analyst`.
 . Click *Save*.
 
-You can repeat these instructions for each user or group and assign different roles.
+You can repeat these instructions for each user or group and assign different roles. For role aggregation, you can use the same key/value pair with multiple roles. For example, you can create a rule that assigns the `Analyst` role to the user `jsmith@example.com`, and then add another rule to assign the `Vulnerability Report Creator` role to the same user. For more information about roles, see "System roles".