diff --git a/README.md b/README.md index 94c62bf4..d82dc51f 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,6 @@ module "secrets_manager" { region = "us-south" secrets_manager_name = "my-secrets-manager" sm_service_plan = "trial" - service_endpoints = "public-and-private" } ``` @@ -91,6 +90,7 @@ You need the following permissions to run this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [allowed\_network](#input\_allowed\_network) | The types of service endpoints to set on the Secrets Manager instance. Possible values are `private-only` or `public-and-private`. | `string` | `"public-and-private"` | no | | [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of CBR rules to create |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
}))
| `[]` | no | | [enable\_event\_notification](#input\_enable\_event\_notification) | Set this to true to enable lifecycle notifications for your Secrets Manager instance by connecting an Event Notifications service. When setting this to true, a value must be passed for `existing_en_instance_crn` variable. | `bool` | `false` | no | | [endpoint\_type](#input\_endpoint\_type) | The type of endpoint (public or private) to connect to the Secrets Manager API. The Terraform provider uses this endpoint type to interact with the Secrets Manager API and configure Event Notifications. | `string` | `"public"` | no | 
@@ -101,7 +101,6 @@ You need the following permissions to run this module. | [region](#input\_region) | The region to provision the Secrets Manager instance to. | `string` | n/a | yes | | [resource\_group\_id](#input\_resource\_group\_id) | The ID of the resource group to provision the Secrets Manager instance to. | `string` | n/a | yes | | [secrets\_manager\_name](#input\_secrets\_manager\_name) | The name to give the Secrets Manager instance. | `string` | n/a | yes | -| [service\_endpoints](#input\_service\_endpoints) | The types of service endpoints to set on the Secrets Manager instance. Possible values are `public`, `private` or `public-and-private`. | `string` | `"public-and-private"` | no | | [skip\_en\_iam\_authorization\_policy](#input\_skip\_en\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances (scoped to the resource group) an 'Event Source Manager' role to the given Event Notifications instance passed in the `existing_en_instance_crn` input variable. In addition, no policy is created if `enable_event_notification` is set to false. | `bool` | `false` | no | | [skip\_kms\_iam\_authorization\_policy](#input\_skip\_kms\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the `existing_kms_instance_guid` variable. In addition, no policy is created if `kms_encryption_enabled` is set to false. | `bool` | `false` | no | | [sm\_service\_plan](#input\_sm\_service\_plan) | The Secrets Manager plan to provision. | `string` | `"standard"` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 2e3a4392..810ee43d 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -42,7 +42,6 @@ module "secrets_manager" { secrets_manager_name = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure sm_service_plan = var.sm_service_plan sm_tags = var.resource_tags - service_endpoints = "public-and-private" kms_encryption_enabled = true existing_kms_instance_guid = module.key_protect.kms_guid kms_key_crn = module.key_protect.keys["${var.prefix}-sm.${var.prefix}-sm-key"].crn diff --git a/main.tf b/main.tf index 6cf8a887..f072680a 100644 --- a/main.tf +++ b/main.tf @@ -4,8 +4,6 @@ # Validation locals { - allowed_network = var.service_endpoints == "private" ? "private-only" : "public-and-private" - # Validation (approach based on https://github.com/hashicorp/terraform/issues/25609#issuecomment-1057614400) # tflint-ignore: terraform_unused_declarations validate_kms_values = (!var.kms_encryption_enabled && var.kms_key_crn != null) ? tobool("When passing values for var.kms_key_crn, you must set var.kms_encryption_enabled to true. Otherwise unset them to use default encryption") : (!var.kms_encryption_enabled && var.existing_kms_instance_guid != null) ? tobool("When passing values for var.existing_kms_instance_guid, you must set var.kms_encryption_enabled to true. Otherwise unset them to use default encryption") : true 
@@ -16,7 +14,7 @@ locals { # tflint-ignore: terraform_unused_declarations validate_event_notification = var.enable_event_notification && var.existing_en_instance_crn == null ? tobool("When setting var.enable_event_notification to true, a value must be passed for var.existing_en_instance_crn") : true # tflint-ignore: terraform_unused_declarations - validate_endpoint = var.enable_event_notification && (var.endpoint_type == "public" && var.service_endpoints == "private") || (var.endpoint_type == "private" && var.service_endpoints == "public") ? tobool("It is not allowed to have conflicting var.endpoint_type and var.service_endpoints values.") : true + validate_endpoint = var.enable_event_notification && var.endpoint_type == "public" && var.allowed_network == "private-only" ? tobool("It is not allowed to have conflicting var.endpoint_type and var.allowed_network values.") : true } # Create Secrets Manager Instance @@ -24,13 +22,12 @@ resource "ibm_resource_instance" "secrets_manager_instance" { depends_on = [ibm_iam_authorization_policy.kms_policy] name = var.secrets_manager_name service = "secrets-manager" - service_endpoints = var.service_endpoints plan = var.sm_service_plan location = var.region resource_group_id = var.resource_group_id tags = var.sm_tags parameters = { - "allowed_network" = local.allowed_network + "allowed_network" = var.allowed_network "kms_instance" = var.existing_kms_instance_guid "kms_key" = var.kms_key_crn } diff --git a/modules/fscloud/main.tf b/modules/fscloud/main.tf index 29424ada..b9465505 100644 --- a/modules/fscloud/main.tf +++ b/modules/fscloud/main.tf @@ -5,7 +5,7 @@ module "secrets_manager" { secrets_manager_name = var.secrets_manager_name #tfsec:ignore:general-secrets-no-plaintext-exposure sm_service_plan = var.service_plan sm_tags = var.sm_tags - service_endpoints = "private" + allowed_network = "private-only" endpoint_type = "private" kms_encryption_enabled = true existing_kms_instance_guid = var.existing_kms_instance_guid 
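Review bot: The rewritten `validate_endpoint` rejects a `public` endpoint_type against a `private-only` instance only while `enable_event_notification` is true, yet the README row added in this same diff says the provider uses endpoint_type for all interaction with the Secrets Manager API, not just for configuring Event Notifications, so with notifications disabled the mismatch passes validation and surfaces only as a failed API call at apply time. In the old expression the second clause was effectively ungated because `&&` binds tighter than `||`, which the rewrite removes along with the now-impossible `public` case. Unless endpoint_type is in fact consumed only by the Event Notifications configuration (not visible here), drop the gate: `validate_endpoint = var.endpoint_type == "public" && var.allowed_network == "private-only" ? tobool("It is not allowed to have conflicting var.endpoint_type and var.allowed_network values.") : true`. The enclosing `locals` block starts before this hunk.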
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf index 75931d08..3736ce41 100644 --- a/solutions/standard/main.tf +++ b/solutions/standard/main.tf @@ -56,7 +56,7 @@ module "secrets_manager" { region = var.region secrets_manager_name = var.secrets_manager_instance_name sm_service_plan = var.service_plan - service_endpoints = var.service_endpoints + allowed_network = var.allowed_network sm_tags = var.secret_manager_tags # kms dependency kms_encryption_enabled = true @@ -67,5 +67,5 @@ module "secrets_manager" { enable_event_notification = var.existing_en_instance_crn != null ? true : false existing_en_instance_crn = var.existing_en_instance_crn skip_en_iam_authorization_policy = var.skip_en_iam_authorization_policy - endpoint_type = var.service_endpoints == "private" ? var.service_endpoints : "public" + endpoint_type = var.allowed_network == "private-only" ? "private" : "public" } diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf index c5a8ceb0..9a4c0131 100644 --- a/solutions/standard/variables.tf +++ b/solutions/standard/variables.tf 
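Review bot: The module input `service_endpoints` is renamed to `allowed_network` at this call site and in the root `variables.tf` hunk with no deprecation path, so any consumer of the root module or of this solution that still sets `service_endpoints` fails at plan time with an unsupported-argument error, and the previously accepted values `public` and `private` are no longer valid anywhere. Nothing in the diff records this as a breaking change; if the module is versioned, a major bump and a migration note mapping `private` to `private-only` are warranted, or a deprecated `service_endpoints` input could be kept for one release and folded into `allowed_network` through a local. The same rename is applied in `modules/fscloud/main.tf` and `tests/pr_test.go`.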
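Review bot: `endpoint_type = var.allowed_network == "private-only" ? "private" : "public"` sends all provider traffic to the instance over the public endpoint whenever `public-and-private` is selected, even though a private endpoint exists in that mode, and the rewritten `allowed_network` description in `solutions/standard/variables.tf` no longer tells the deployer this where the removed text did. The reason is not stated at the line either; the comment deleted from the old variable, `# public-and-private until IBM Console connects to SM via private endpoints`, reads as the rationale and belongs on this line, e.g. `# public-and-private keeps management traffic on the public endpoint until IBM Console connects to Secrets Manager via private endpoints`. Whether that limitation still holds is not visible in this diff and should be confirmed before relying on it.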
@@ -45,14 +45,13 @@ variable "service_plan" { } } -variable "service_endpoints" { - # public-and-private until IBM Console connects to SM via private endpoints +variable "allowed_network" { type = string - description = "The service endpoints to enable for all services deployed by this solution. Allowed values are `private` or `public-and-private`. If selecting `public-and-private`, communication to the instances will all be done over the public endpoints. Ensure to enable virtual routing and forwarding (VRF) in your account if using `private`, and that the terraform runtime has access to the the IBM Cloud private network." + description = "The types of service endpoints to set on the Secrets Manager instance. Possible values are `private-only` or `public-and-private`." default = "public-and-private" validation { - condition = contains(["private", "public-and-private"], var.service_endpoints) - error_message = "The specified service_endpoints is not a valid selection. Allowed values are `private` or `public-and-private`." + condition = contains(["private-only", "public-and-private"], var.allowed_network) + error_message = "The specified allowed_network is not a valid selection!" } } diff --git a/tests/pr_test.go b/tests/pr_test.go index 196fccbf..23266700 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -131,7 +131,7 @@ func TestRunDASolutionSchematics(t *testing.T) { {Name: "region", Value: options.Region, DataType: "string"}, {Name: "resource_group_name", Value: options.Prefix, DataType: "string"}, {Name: "service_plan", Value: "trial", DataType: "string"}, - {Name: "service_endpoints", Value: "private", DataType: "string"}, + {Name: "allowed_network", Value: "private-only", DataType: "string"}, {Name: "existing_kms_guid", Value: permanentResources["hpcs_south"], DataType: "string"}, {Name: "kms_region", Value: "us-south", DataType: "string"}, // KMS instance is in us-south } diff --git a/variables.tf b/variables.tf index f6ba158f..91b5a2fd 100644 
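Review bot: The new `error_message` drops the list of accepted values that the old message carried, and the new description drops two statements a deployer needs to choose safely: that `public-and-private` results in all communication to the instances going over the public endpoints, and that the private option requires VRF enabled on the account and a Terraform runtime with access to the IBM Cloud private network. Keep the values in the message, e.g. `error_message = "The specified allowed_network is not a valid selection. Allowed values are private-only or public-and-private."`, and append the two dropped sentences to the description with `private` replaced by `private-only`.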
--- a/variables.tf +++ b/variables.tf @@ -33,13 +33,13 @@ variable "sm_tags" { default = [] } -variable "service_endpoints" { +variable "allowed_network" { type = string - description = "The types of service endpoints to set on the Secrets Manager instance. Possible values are `public`, `private` or `public-and-private`." + description = "The types of service endpoints to set on the Secrets Manager instance. Possible values are `private-only` or `public-and-private`." default = "public-and-private" validation { - condition = contains(["public", "private", "public-and-private"], var.service_endpoints) - error_message = "The specified service_endpoints is not a valid selection!" + condition = contains(["private-only", "public-and-private"], var.allowed_network) + error_message = "The specified allowed_network is not a valid selection!" } }