diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9da01d51b..a7e667f9e 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -51,6 +51,7 @@ jobs:
 - name: Create requirements.txt
 run: poetry export --without-hashes --format=requirements.txt > requirements.txt
+
 - name: Deploy to cloud.gov
 uses: 18f/cg-deploy-action@main
 env:
@@ -66,6 +67,7 @@ jobs:
 LOGIN_DOT_GOV_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&post_logout_redirect_uri=https://notify-staging.app.cloud.gov/sign-out"
 LOGIN_DOT_GOV_BASE_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?"
 LOGIN_DOT_GOV_SIGNOUT_REDIRECT: "https://notify-staging.app.cloud.gov/sign-out"
+ LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: "https://idp.int.identitysandbox.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=01234567890123456789012345&prompt=select_account&redirect_uri=http://notify-staging.app.cloud.gov/sign-in&response_type=code&scope=openid+email&state=abcdefghijklmnopabcdefghijklmnop"
 with:
 cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
 cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -86,6 +88,7 @@ jobs:
 --var LOGIN_DOT_GOV_LOGOUT_URL="$LOGIN_DOT_GOV_LOGOUT_URL"
 --var LOGIN_DOT_GOV_BASE_LOGOUT_URL="$LOGIN_DOT_GOV_BASE_LOGOUT_URL"
 --var LOGIN_DOT_GOV_SIGNOUT_REDIRECT="$LOGIN_DOT_GOV_SIGNOUT_REDIRECT"
+ --var LOGIN_DOT_GOV_INITIAL_SIGNIN_URL="$LOGIN_DOT_GOV_INITIAL_SIGNIN_URL"
 - name: Check for changes to egress config
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index 6fc9c286a..c0c4b7650 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
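Review bot: The added `LOGIN_DOT_GOV_INITIAL_SIGNIN_URL` pins the OIDC `state` and `nonce` to constants (`state=abcdefghijklmnopabcdefghijklmnop`, `nonce=01234567890123456789012345`), so every sign-in carries the same values and the callback has nothing session-specific to compare against; the `sample.env` hunk adds the same constants. These two parameters are what tie the authorization response and the ID token to the browser session that started the flow, so they need to be generated per request and checked on return. That suggests keeping only the static part of the authorize URL in configuration and letting `sign_in()` append fresh values. Separately, the URL uses `redirect_uri=http://notify-staging.app.cloud.gov/sign-in` while the neighbouring logout settings use `https://` for the same host; unless the registered redirect really is plain HTTP, this should read `redirect_uri=https://notify-staging.app.cloud.gov/sign-in`.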
@@ -174,6 +174,8 @@ def sign_in():
 current_app.logger.info(
 f"LOGIN_DOT_GOV_SIGNOUT_REDIRECT={os.getenv('LOGIN_DOT_GOV_SIGNOUT_REDIRECT')}"
 )
+ initial_signin_url = os.getenv('LOGIN_DOT_GOV_INITIAL_SIGNIN_URL')
+ current_app.logger.info(f"LOGIN_DOT_GOV_INITIAL_SIGNIN_URL={initial_signin_url}")
 return render_template(
 "views/signin.html",
@@ -182,6 +184,7 @@ def sign_in():
 other_device=other_device,
 login_gov_enabled=bool(notify_env in ["development", "staging"]),
 password_reset_url=password_reset_url,
+ initial_signin_url=initial_signin_url,
 )
diff --git a/app/templates/views/signin.html b/app/templates/views/signin.html
index a2c0d244a..d47b4cc80 100644
--- a/app/templates/views/signin.html
+++ b/app/templates/views/signin.html
@@ -31,7 +31,7 @@ {% if login_gov_enabled %}
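Review bot: `os.getenv('LOGIN_DOT_GOV_INITIAL_SIGNIN_URL')` returns `None` when the variable is unset, and the second hunk passes that value straight to the template while `login_gov_enabled` depends only on `notify_env`. A development or staging instance without the setting would presumably render the Login.gov link with no usable target instead of hiding it. Gating the flag on the value keeps the two in step, for example `login_gov_enabled=bool(initial_signin_url) and notify_env in ["development", "staging"]`. A short comment above the new assignment, such as `# Full login.gov authorize URL; None when the variable is not configured`, would also help. The body of `sign_in()` starts and ends outside these hunks, so any handling elsewhere in the function is not visible here.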

Test login.gov authentication: - Login.gov. + Login.gov.

{% endif %} {% endif %}
diff --git a/manifest.yml b/manifest.yml
index 1131e32f9..1c25fdf4a 100644
--- a/manifest.yml
+++ b/manifest.yml
@@ -46,3 +46,14 @@ applications:
 REQUESTS_CA_BUNDLE: "/etc/ssl/certs/ca-certificates.crt"
 NEW_RELIC_CA_BUNDLE_PATH: "/etc/ssl/certs/ca-certificates.crt"
+
+ # login.gov variables
+
+ LOGIN_PEM: ((LOGIN_PEM))
+ LOGIN_DOT_GOV_CLIENT_ID: ((LOGIN_DOT_GOV_CLIENT_ID))
+ LOGIN_DOT_GOV_USER_INFO_URL: ((LOGIN_DOT_GOV_USER_INFO_URL))
+ LOGIN_DOT_GOV_ACCESS_TOKEN_URL: ((LOGIN_DOT_GOV_ACCESS_TOKEN_URL))
+ LOGIN_DOT_GOV_LOGOUT_URL: ((LOGIN_DOT_GOV_LOGOUT_URL))
+ LOGIN_DOT_GOV_BASE_LOGOUT_URL: ((LOGIN_DOT_GOV_BASE_LOGOUT_URL))
+ LOGIN_DOT_GOV_SIGNOUT_REDIRECT: ((LOGIN_DOT_GOV_SIGNOUT_REDIRECT))
+ LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: ((LOGIN_DOT_GOV_INITIAL_SIGNIN_URL))
diff --git a/sample.env b/sample.env
index 84913967f..bd667f3b5 100644
--- a/sample.env
+++ b/sample.env
@@ -42,3 +42,4 @@ LOGIN_DOT_GOV_ACCESS_TOKEN_URL="https://idp.int.identitysandbox.gov/api/openid_c
 LOGIN_DOT_GOV_LOGOUT_URL="https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&post_logout_redirect_uri=http://localhost:6012/sign-out"
 LOGIN_DOT_GOV_BASE_LOGOUT_URL="https://idp.int.identitysandbox.gov/openid_connect/logout?"
 LOGIN_DOT_GOV_SIGNOUT_REDIRECT="http://localhost:6012/sign-out"
+LOGIN_DOT_GOV_INITIAL_SIGNIN_URL="https://idp.int.identitysandbox.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&nonce=01234567890123456789012345&prompt=select_account&redirect_uri=http://localhost:6012/sign-in&response_type=code&scope=openid+email&state=abcdefghijklmnopabcdefghijklmnop"
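Review bot: The `manifest.yml` hunk adds eight `((...))` placeholders that must all be supplied at push time, but this commit only shows `.github/workflows/deploy.yml` gaining a matching `--var`. If other workflows push with the same manifest, they will presumably fail until they pass the full set; the `--var` lines for `LOGIN_PEM` and `LOGIN_DOT_GOV_CLIENT_ID` are not visible in the hunks shown. Going by its name, `LOGIN_PEM` is key material, and as a manifest variable it lands in the application's environment, where it can be read by anyone able to view the app's env in the space. Consider delivering it through a bound service instead, or at least extend the new comment to something like `# login.gov variables (LOGIN_PEM is a secret: supply it from CI secrets only)`.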