diff --git a/caprover_create_app.py b/caprover_create_app.py
index 40a62e0f..b8df100f 100644
--- a/caprover_create_app.py
+++ b/caprover_create_app.py
@@ -72,12 +72,7 @@ def main(app_name, image_name, environment_file):
 image_name=image_name,
 container_http_port=7555,
 environment_variables={
- # 'DJANGO_SETTINGS_MODULE': 'config.settings.base',
 "VITE_APP_ENVIRONMENT": env.str("VITE_APP_ENVIRONMENT", "dev-feature"),
- "VITE_LOGOUT_REDIRECT": env.str(
- "VITE_LOGOUT_REDIRECT",
- "https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch",
- ),
 "IT_DEFAULT_ADMIN_PASSWORD": env.str("fWwoQzreIS5uztLOyF8jJpS9M"),
 "POSTGRES_HOST": f"srv-captain--{app_name}-postgres",
 "POSTGRES_PORT": 5432,
diff --git a/caprover_deploy.sh b/caprover_deploy.sh
index 08714662..692efda2 100755
--- a/caprover_deploy.sh
+++ b/caprover_deploy.sh
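Review bot: In caprover_create_app.py, the `IT_DEFAULT_ADMIN_PASSWORD` context line just below the removed `VITE_LOGOUT_REDIRECT` entry passes what looks like a password value to `env.str(...)` as the variable name, with no default. If `env` is an environs-style reader, this looks up an environment variable of that name rather than supplying the value, and either way a credential-like string stays in source control. Suggest `"IT_DEFAULT_ADMIN_PASSWORD": env.str("IT_DEFAULT_ADMIN_PASSWORD"),` with the value supplied through the environment file, and rotating the string if it was ever a real password. The enclosing `main` starts and ends outside the hunk.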
@@ -27,12 +27,15 @@ APP_NAME=${1:-$(generate_default_app_name)} if [[ "$APP_NAME" == "myvbv" ]]; then VITE_LOGOUT_REDIRECT="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://myvbv.iterativ.ch/" + https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/ VITE_SENTRY_ENV="production" elif [[ "$APP_NAME" == "myvbv-stage" ]]; then VITE_LOGOUT_REDIRECT="https://vbvtst.b2clogin.com/vbvtst.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://myvbv-stage.iterativ.ch/" + https://vbvtst.b2clogin.com/vbvtst.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/ VITE_SENTRY_ENV="stage" elif [[ "$APP_NAME" == "vbv-lernwelt" ]]; then - VITE_LOGOUT_REDIRECT="https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch" + VITE_OAUTH_API_BASE_URL= https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/ + VITE_LOGOUT_REDIRECT=" https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch" VITE_SENTRY_ENV="development" elif [[ "$APP_NAME" == "prod-azure" ]]; then VITE_LOGOUT_REDIRECT="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://my.vbv-afa.ch/" diff --git a/client/src/stores/user.ts b/client/src/stores/user.ts index e2403c9b..ba89c256 100644 --- a/client/src/stores/user.ts +++ b/client/src/stores/user.ts 
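Review bot: In caprover_deploy.sh the lines added to the `myvbv` and `myvbv-stage` branches are bare URLs with no variable name, and the `vbv-lernwelt` branch has a space after `VITE_OAUTH_API_BASE_URL=`, so as rendered here bash would try to run each URL as a command and the variable would never be set for the build. Each branch should read `VITE_OAUTH_API_BASE_URL="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/"` with its own tenant URL, quoted and without the space. The rewritten `VITE_LOGOUT_REDIRECT` in the `vbv-lernwelt` branch also gained a leading space inside the quotes, which would end up in the redirect target. The `prod-azure` branch and the rest of the if-chain continue outside the hunk, so whether it gets the same variable cannot be seen here.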
@@ -5,7 +5,15 @@ import { loadLocaleMessages, setI18nLanguage } from "@/i18n"; import dayjs from "dayjs"; import { defineStore } from "pinia"; -const logoutRedirectUrl = import.meta.env.VITE_LOGOUT_REDIRECT || "/"; +let logoutRedirectUrl = import.meta.env.VITE_LOGOUT_REDIRECT || "/"; + +// TODO: check if user logged in with SSO or login-local +if (import.meta.env.VITE_OAUTH_API_BASE_URL) { + logoutRedirectUrl = `${ + import.meta.env.VITE_OAUTH_API_BASE_URL + }logout/?post_logout_redirect_uri=${window.location.origin}`; +} + // typed state https://stackoverflow.com/questions/71012513/when-using-pinia-and-typescript-how-do-you-use-an-action-to-set-the-state export type AvailableLanguages = "de" | "fr" | "it"; diff --git a/env_secrets/caprover_dev.env b/env_secrets/caprover_dev.env index 411d93c8..41b28b09 100644 Binary files a/env_secrets/caprover_dev.env and b/env_secrets/caprover_dev.env differ diff --git a/env_secrets/caprover_prod.env b/env_secrets/caprover_prod.env index 2204b67b..39918c61 100644 Binary files a/env_secrets/caprover_prod.env and b/env_secrets/caprover_prod.env differ diff --git a/env_secrets/caprover_stage.env b/env_secrets/caprover_stage.env index 1faec62f..11147983 100644 Binary files a/env_secrets/caprover_stage.env and b/env_secrets/caprover_stage.env differ diff --git a/env_secrets/local_chrigu.env b/env_secrets/local_chrigu.env index 021af725..0810257d 100644 Binary files a/env_secrets/local_chrigu.env and b/env_secrets/local_chrigu.env differ diff --git a/env_secrets/prod-azure.json b/env_secrets/prod-azure.json index a150ae74..00840c82 100644 Binary files a/env_secrets/prod-azure.json and b/env_secrets/prod-azure.json differ diff --git a/server/config/settings/base.py b/server/config/settings/base.py index 5c6fef66..37ee082d 100644 --- a/server/config/settings/base.py +++ b/server/config/settings/base.py 
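Review bot: In client/src/stores/user.ts the new `logoutRedirectUrl` assignment puts `window.location.origin` into the query string unencoded and assumes `VITE_OAUTH_API_BASE_URL` ends with a slash; a value configured without the trailing slash would produce a path ending in `v2.0logout/`. Wrap the origin as `encodeURIComponent(window.location.origin)` and normalise the base first, for example `const base = import.meta.env.VITE_OAUTH_API_BASE_URL.replace(/\/?$/, "/");`. The identity provider will presumably honour the redirect only if each deployed origin is registered as a post-logout redirect URI, which is worth a comment next to the existing TODO.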
@@ -555,18 +555,18 @@ OAUTH = {
 "authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
 "access_token_params": IT_OAUTH_AUTHORIZE_PARAMS,
 "api_base_url": env(
- "IT_OAUTH_API_BASE_URL",
+ "VITE_OAUTH_API_BASE_URL",
 default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/",
 ),
 "local_redirect_uri": env(
- "IT_OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/sso/callback/"
+ "IT_OAUTH_LOCAL_REDIRECT_URI", default="http://localhost:8000/sso/callback/"
 ),
 "server_metadata_url": env(
 "IT_OAUTH_SERVER_METADATA_URL",
 default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration",
 ),
 "client_kwargs": {
- "scope": env("IT_OAUTH_SCOPE", default=""),
+ "scope": env("IT_OAUTH_SCOPE", default="openid email"),
 "token_endpoint_auth_method": "client_secret_post",
 "token_placement": "body",
 },
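Review bot: Both renamed lookups in server/config/settings/base.py (`VITE_OAUTH_API_BASE_URL` for `api_base_url`, `IT_OAUTH_LOCAL_REDIRECT_URI` for `local_redirect_uri`) keep their defaults, so an environment that still sets only the old names would start silently against the test SSO host and the localhost callback instead of failing. The env files updated in this commit are binary, so the rename cannot be checked from here. Consider accepting the old name for one release, e.g. `env("VITE_OAUTH_API_BASE_URL", default=env("IT_OAUTH_API_BASE_URL", default=...))`, or dropping the defaults outside local settings so a missing variable fails at startup. `server_metadata_url` still reads its own variable and must point at the same identity provider as the new base URL; the `OAUTH` dict starts and ends outside the hunk.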