diff --git a/.env.sample b/.env.sample
index 9db8257..1e4a12c 100644
--- a/.env.sample
+++ b/.env.sample
@@ -46,10 +46,11 @@ DJANGO_EMAIL_FROM=mail@example.com
 ##############################################################################
 # NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
 OIDC_REALM=yourkeycloakrealm
-OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/certs
-OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/auth
-OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/token
-OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/userinfo
+AUTH_DOMAIN=yourkeycloakdomain
+OIDC_OP_JWKS_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/certs
+OIDC_OP_AUTHORIZATION_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/auth
+OIDC_OP_TOKEN_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/token
+OIDC_OP_USER_ENDPOINT=https://${AUTH_DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/userinfo
 OIDC_RP_CLIENT_ID=yourkeycloakclientid
 OIDC_RP_SIGN_ALGO=RS256
 OIDC_RP_SCOPES="openid email"