diff --git a/controllers/operator_methods.go b/controllers/operator_methods.go
index 140e08553bb751ced7416fdc4750c7e6be8b88b7..7718841402c1be69f6eade3a9acacf6b4ab8c477 100644
--- a/controllers/operator_methods.go
+++ b/controllers/operator_methods.go
@@ -36,8 +36,9 @@ func (r *GitlabPagesSiteReconciler) getOidcSecret(ctx context.Context, gitlabPag
 		}
 	}
 
-	// Ensure we have a valid ApplicationRegistration registration, this only happens when we have exactly one ApplicationRegistration
-	// with a status set by the authz-operator and this status says provisioning succeeded
+	// Ensure we have a valid ApplicationRegistration. This can happen when the ApplicationRegistration is `Created` (the website should be up and running)
+	// or when the ApplicationRegistration has state `DeletedFromAPI` (the website should be blocked). To check if the ApplicationRegistration is in one of those two states,
+	// we can check if the oidc secret exists.
 	if appReg.Status.ClientCredentialsSecret == "" {
 		meta.SetStatusCondition(&gitlabPagesSite.Status.Conditions, metav1.Condition{
 			Type:    webservicescernchv1alpha1.ConditionTypeGitlabPagesSiteCreated,