diff --git a/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs b/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
index 8127fbe1a..74554242a 100644
--- a/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
+++ b/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
@@ -15,6 +15,7 @@ using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.DataProtection.KeyManagement;
 using Microsoft.AspNetCore.DataProtection.Repositories;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 using Squidex.Domain.Users;
@@ -26,12 +27,14 @@ namespace Squidex.Areas.IdentityServer.Config
 {
 public static class IdentityServerServices
 {
- public static void AddSquidexIdentityServer(this IServiceCollection services)
+ public static void AddSquidexIdentityServer(this IServiceCollection services, IConfiguration config)
 {
 X509Certificate2 certificate;
 var assembly = typeof(IdentityServerServices).Assembly;
+ var urlsOptions = config.GetSection("urls").Get();
+
 using (var certificateStream = assembly.GetManifestResourceStream("Squidex.Areas.IdentityServer.Config.Cert.IdentityCert.pfx"))
 {
 var certData = new byte[certificateStream!.Length];
@@ -74,6 +77,10 @@ namespace Squidex.Areas.IdentityServer.Config
 services.AddIdentityServer(options =>
 {
 options.UserInteraction.ErrorUrl = "/error/";
+ if (!string.IsNullOrWhiteSpace(urlsOptions.BaseUrl))
+ {
+ options.PublicOrigin = urlsOptions.BaseUrl;
+ }
 })
 .AddAspNetIdentity()
 .AddInMemoryApiResources(GetApiResources())
diff --git a/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs b/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
index aabd68f12..d03814afa 100644
--- a/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
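Review bot: The value assigned by `var urlsOptions = config.GetSection("urls").Get();` is never checked for null, yet the later hunk in this file dereferences it as `urlsOptions.BaseUrl`. The configuration binder returns null when the section is missing or has no values, so a deployment without a `urls` section would fail with a NullReferenceException while the IdentityServer options are built, instead of falling back to the previous behaviour. Guarding the use is enough, e.g. `if (!string.IsNullOrWhiteSpace(urlsOptions?.BaseUrl))`. The call appears here without a type argument, which is presumably lost in extraction, and the method body continues outside the hunk.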
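Review bot: `options.PublicOrigin = urlsOptions.BaseUrl;` takes the configured string unvalidated, and the origin is still derived from the incoming request whenever `BaseUrl` is blank. As far as I know IdentityServer uses this value as scheme plus host for the issuer name and the endpoints in the discovery document, so a trailing slash, a path segment or an `http://` value would publish a malformed or non-TLS issuer. Consider normalising it first: `if (Uri.TryCreate(urlsOptions.BaseUrl, UriKind.Absolute, out var baseUri)) { options.PublicOrigin = baseUri.GetLeftPart(UriPartial.Authority); }`. When the setting is empty, the issuer depends on Host and forwarded headers being trustworthy behind the proxy, so logging a startup warning in that branch would be safer than skipping silently. A one-line comment above the `if`, such as `// Pin the public origin so issuer and discovery URLs do not depend on request headers.`, would record the intent.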
+++ b/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
@@ -27,7 +27,6 @@ namespace Squidex.Config.Authentication
 if (!string.IsNullOrEmpty(tenantId))
 {
 var resource = "https://graph.microsoft.com";
-
 options.AuthorizationEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/authorize?resource={resource}";
 options.TokenEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/token?resource={resource}";
 }
diff --git a/backend/src/Squidex/Startup.cs b/backend/src/Squidex/Startup.cs
index c15572b4c..4fbef75a7 100644
--- a/backend/src/Squidex/Startup.cs
+++ b/backend/src/Squidex/Startup.cs
@@ -54,7 +54,7 @@ namespace Squidex
 services.AddSquidexHealthChecks(config);
 services.AddSquidexHistory();
 services.AddSquidexIdentity(config);
- services.AddSquidexIdentityServer();
+ services.AddSquidexIdentityServer(config);
 services.AddSquidexInfrastructure(config);
 services.AddSquidexMigration(config);
 services.AddSquidexNotifications(config);