diff --git a/lambda/subArea/POST/index.js b/lambda/subArea/POST/index.js
index 59b5d82..0350dfc 100644
--- a/lambda/subArea/POST/index.js
+++ b/lambda/subArea/POST/index.js
@@ -14,7 +14,7 @@ const {
   createPutSubAreaObj,
 } = require("../../subAreaUtils");
 
-const SSO_URL = process.env.SSO_URL;
+const SSO_ORIGIN = process.env.SSO_ORIGIN;
 const SSO_CLIENT_ID = process.env.SSO_CLIENT_ID;
 
 exports.handler = async (event, context) => {
@@ -98,7 +98,7 @@ exports.handler = async (event, context) => {
 
     // Add Keycloak role
     const kcRes = await createKeycloakRole(
-      SSO_URL,
+      SSO_ORIGIN,
       SSO_CLIENT_ID,
       event.headers.Authorization.replace("Bearer ", ""),
       `${subAreaObj.orcs}::${subAreaId}`,
diff --git a/terraform/src/subArea.tf b/terraform/src/subArea.tf
index be965c4..a7c6240 100644
--- a/terraform/src/subArea.tf
+++ b/terraform/src/subArea.tf
@@ -16,11 +16,12 @@ resource "aws_lambda_function" "subAreaGetLambda" {
 
   environment {
     variables = {
-      SSO_ISSUER  = data.aws_ssm_parameter.sso_issuer.value,
-      SSO_ORIGIN  = data.aws_ssm_parameter.sso_origin.value,
-      SSO_JWKSURI = data.aws_ssm_parameter.sso_jwksuri.value,
-      TABLE_NAME  = aws_dynamodb_table.ar_table.name,
-      LOG_LEVEL   = "info"
+      SSO_ISSUER    = data.aws_ssm_parameter.sso_issuer.value,
+      SSO_ORIGIN    = data.aws_ssm_parameter.sso_origin.value,
+      SSO_JWKSURI   = data.aws_ssm_parameter.sso_jwksuri.value,
+      SSO_CLIENT_ID = data.aws_ssm_parameter.keycloak_client_id.value,
+      TABLE_NAME    = aws_dynamodb_table.ar_table.name,
+      LOG_LEVEL     = "info"
     }
   }
 }