diff --git a/cmd/root.go b/cmd/root.go
index cb79162..c0d8af8 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -56,8 +56,8 @@ var rootCmd = &cobra.Command{
 		users, parseErr := utils.ParseUsers(usersString)
 		HandleError(parseErr, "Failed to parse users")
 
-		// Create whitelist
-		whitelist := utils.ParseCommaString(config.Whitelist)
+		// Create oauth whitelist
+		oauthWhitelist := utils.ParseCommaString(config.OAuthWhitelist)
 
 		// Create OAuth config
 		oauthConfig := types.OAuthConfig{
@@ -75,7 +75,7 @@ var rootCmd = &cobra.Command{
 		}
 
 		// Create auth service
-		auth := auth.NewAuth(users, whitelist)
+		auth := auth.NewAuth(users, oauthWhitelist)
 
 		// Create OAuth providers service
 		providers := providers.NewProviders(oauthConfig)
@@ -139,7 +139,7 @@ func init() {
 	rootCmd.Flags().String("generic-token-url", "", "Generic OAuth token URL.")
 	rootCmd.Flags().String("generic-user-url", "", "Generic OAuth user info URL.")
 	rootCmd.Flags().Bool("disable-continue", false, "Disable continue screen and redirect to app directly.")
-	rootCmd.Flags().String("whitelist", "", "Comma separated list of email addresses to whitelist (only for oauth).")
+	rootCmd.Flags().String("oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth.")
 	rootCmd.Flags().Int("cookie-expiry", 86400, "Cookie expiration time in seconds.")
 	viper.BindEnv("port", "PORT")
 	viper.BindEnv("address", "ADDRESS")
@@ -159,7 +159,7 @@ func init() {
 	viper.BindEnv("generic-token-url", "GENERIC_TOKEN_URL")
 	viper.BindEnv("generic-user-url", "GENERIC_USER_URL")
 	viper.BindEnv("disable-continue", "DISABLE_CONTINUE")
-	viper.BindEnv("whitelist", "WHITELIST")
+	viper.BindEnv("oauth-whitelist", "WHITELIST")
 	viper.BindEnv("cookie-expiry", "COOKIE_EXPIRY")
 	viper.BindPFlags(rootCmd.Flags())
 }
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index d7bf1ea..5189a87 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -6,16 +6,16 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
-func NewAuth(userList types.Users, whitelist []string) *Auth {
+func NewAuth(userList types.Users, oauthWhitelist []string) *Auth {
 	return &Auth{
-		Users:     userList,
-		Whitelist: whitelist,
+		Users:          userList,
+		OAuthWhitelist: oauthWhitelist,
 	}
 }
 
 type Auth struct {
-	Users     types.Users
-	Whitelist []string
+	Users          types.Users
+	OAuthWhitelist []string
 }
 
 func (auth *Auth) GetUser(email string) *types.User {
@@ -33,10 +33,10 @@ func (auth *Auth) CheckPassword(user types.User, password string) bool {
 }
 
 func (auth *Auth) EmailWhitelisted(emailSrc string) bool {
-	if len(auth.Whitelist) == 0 {
+	if len(auth.OAuthWhitelist) == 0 {
 		return true
 	}
-	for _, email := range auth.Whitelist {
+	for _, email := range auth.OAuthWhitelist {
 		if email == emailSrc {
 			return true
 		}
diff --git a/internal/types/types.go b/internal/types/types.go
index df48064..b9ad826 100644
--- a/internal/types/types.go
+++ b/internal/types/types.go
@@ -37,7 +37,7 @@ type Config struct {
 	GenericTokenURL     string `mapstructure:"generic-token-url"`
 	GenericUserURL      string `mapstructure:"generic-user-info-url"`
 	DisableContinue     bool   `mapstructure:"disable-continue"`
-	Whitelist           string `mapstructure:"whitelist"`
+	OAuthWhitelist      string `mapstructure:"oauth-whitelist"`
 	CookieExpiry        int    `mapstructure:"cookie-expiry"`
 }