diff --git a/dockerbuild/config/config.php b/dockerbuild/config/config.php
index 98b32d0..05cc948 100644
--- a/dockerbuild/config/config.php
+++ b/dockerbuild/config/config.php
@@ -8,8 +8,8 @@
 
 use Sil\PhpEnv\Env;
 use Sil\PhpEnv\EnvVarNotFoundException;
-use SimpleSAML\Utils;
 use SimpleSAML\Module\material\MaterialController;
+use SimpleSAML\Utils;
 
 $httpUtils = new Utils\HTTP();
 
@@ -71,6 +71,7 @@
 $PASSWORD_CHANGE_URL = Env::get('PASSWORD_CHANGE_URL');
 $PASSWORD_FORGOT_URL = Env::get('PASSWORD_FORGOT_URL');
 $HELP_CENTER_URL = Env::get('HELP_CENTER_URL');
+$TRUSTED_URL_DOMAINS = Env::getArray('TRUSTED_URL_DOMAINS', []);
 
 $config = [
 
@@ -323,7 +324,7 @@
      * Example:
      *   'trusted.url.domains' => ['sp.example.com', 'app.example.com'],
      */
-    'trusted.url.domains' => null,
+    'trusted.url.domains' => $TRUSTED_URL_DOMAINS,
 
     /*
      * Enable regular expression matching of trusted.url.domains.
diff --git a/local.env.dist b/local.env.dist
index c09c0e9..a3a695e 100644
--- a/local.env.dist
+++ b/local.env.dist
@@ -85,3 +85,6 @@ TRUSTED_IP_ADDRESSES=
 # See "https://developers.google.com/recaptcha/docs/faq" for test key/secret.
 RECAPTCHA_SITE_KEY=
 RECAPTCHA_SECRET=
+
+# A comma-separated list of domains trusted for redirect. Should include, at a minimum, all logout redirect URL domains.
+TRUSTED_URL_DOMAINS=