diff --git a/authority/authority.go b/authority/authority.go
index 875c3a14..a4a76293 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -707,13 +707,13 @@ func (a *Authority) init() error {
 				}
 			}
 
-			// provide the current SCEP provisioner names, so that the provisioners
-			// can be validated when the CA is started.
-			options.SCEPProvisionerNames = a.getSCEPProvisionerNames()
-
 			a.scepOptions = options
 		}
 
+		// provide the current SCEP provisioner names, so that the provisioners
+		// can be validated when the CA is started.
+		a.scepOptions.SCEPProvisionerNames = a.getSCEPProvisionerNames()
+
 		// create a new SCEP authority
 		scepAuthority, err := scep.New(a, *a.scepOptions)
 		if err != nil {
diff --git a/authority/options.go b/authority/options.go
index f053b99c..4fc5a20f 100644
--- a/authority/options.go
+++ b/authority/options.go
@@ -206,15 +206,9 @@ func WithX509SignerFunc(fn func() ([]*x509.Certificate, crypto.Signer, error)) O
 	}
 }
 
-// func WithSCEPOptions(crt *x509.Certificate, s crypto.Signer, d crypto.Decrypter) Option {
-// 	return func(a *Authority) error {
-// 		a.scepCertificate = crt
-// 		a.scepSigner = s
-// 		a.scepDecrypter = d
-// 		return nil
-// 	}
-// }
-
+// WithFullSCEPOptions defines the options used for SCEP support.
+//
+// This feature is EXPERIMENTAL and might change at any time.
 func WithFullSCEPOptions(options *scep.Options) Option {
 	return func(a *Authority) error {
 		a.scepOptions = options