diff --git a/.env.example b/.env.example
index 1c78e93..0cf3f01 100644
--- a/.env.example
+++ b/.env.example
@@ -27,3 +27,9 @@ VITE_BASE_PATH=/dashboard/
 VITE_BACKEND_PORT=5001
 VITE_AZURE_TENANT_ID=your-tenant-id-here
 VITE_AZURE_CLIENT_ID=your-client-id-here
+
+# Azure AD Redirect URIs
+# Production redirect URI - must match what's registered in Azure AD
+VITE_REDIRECT_URI=https://yourdomain.com/dashboard/
+# Development redirect URI (used when running locally)
+VITE_REDIRECT_URI_DEV=http://localhost:5173
diff --git a/frontend/src/authConfig.js b/frontend/src/authConfig.js
index 0a612a2..267d5f0 100644
--- a/frontend/src/authConfig.js
+++ b/frontend/src/authConfig.js
@@ -4,12 +4,19 @@ import { LogLevel } from '@azure/msal-browser';
 const tenantId = import.meta.env.VITE_AZURE_TENANT_ID || 'e519c2e6-bc6d-4fdf-8d9c-923c2f002385';
 const clientId = import.meta.env.VITE_AZURE_CLIENT_ID || '014547f2-21c1-4245-881f-97f49543d963';
 
+// Determine redirect URI based on environment
+// In development, use VITE_REDIRECT_URI_DEV; in production, use VITE_REDIRECT_URI
+const isDevelopment = import.meta.env.DEV;
+const redirectUri = isDevelopment
+  ? (import.meta.env.VITE_REDIRECT_URI_DEV || 'http://localhost:5173')
+  : (import.meta.env.VITE_REDIRECT_URI || window.location.origin);
+
 export const msalConfig = {
   auth: {
     clientId: clientId,
     authority: `https://login.microsoftonline.com/${tenantId}`,
-    redirectUri: window.location.origin,
-    postLogoutRedirectUri: window.location.origin,
+    redirectUri: redirectUri,
+    postLogoutRedirectUri: redirectUri,
     navigateToLoginRequestUrl: false
   },
   cache: {