Fix list item spacing

docs/pages/admin-guides/access-controls/sso/keycloak.mdx

@@ -104,19 +104,14 @@ $ tctl sso configure saml --name keycloak \
 In the example above:
 
 - `--entity-descriptor` specifies the app federation metadata URL
-
 - Each `--attributes-to-roles` specifies the name of the schema definition for groups,
   groups, the name of a Keycloak group and the Teleport role that members of the group
   will be assigned.
-
 - Keycloak includes an explicit leading `/` in the group name, 
   which is reflected in the group name specified in the above example.
-
 - `--acs` specifies where the SAML provider makes callbacks after successful authentication.
-
 - `--audience`  uniquely identifies your service provider (Teleport).
 
-
 The file `keycloak-connector.yaml` should now resemble the following:
 
 ```yaml
@@ -338,18 +333,17 @@ Update the connector by saving and closing the file in your editor.
 
 - Navigate to the **Keys** tab, and enable "Client Signature Required"
 
-![Enable client signature](../../../../img/sso/keycloak/client_signature.png)
+  ![Enable client signature](../../../../img/sso/keycloak/client_signature.png)
 
 - Import the converted cert.pkcs12 certificate
 
-![Import Signature](../../../../img/sso/keycloak/Import_signature.png)
+  ![Import Signature](../../../../img/sso/keycloak/Import_signature.png)
 
-Be sure to enter the correct **name** and **password**
-defined when converting the certificate as the **Key Alias** and **Store Password.**
+  Be sure to enter the correct **name** and **password** defined when converting
+  the certificate as the **Key Alias** and **Store Password.**
 
 - Click **Confirm** to activate it.
 
-
 If the SSO login with this connector is successful, the client signature validation works.
 
 ## Troubleshooting