diff --git a/infra/iam.tf b/infra/iam.tf
index 951a00e..6327564 100644
--- a/infra/iam.tf
+++ b/infra/iam.tf
@@ -61,7 +61,8 @@ resource "google_iam_workload_identity_pool_provider" "github_provider" {
 "attribute.ref" = "assertion.ref"
 }
- attribute_condition = "assertion.repository == '${var.github_org}/${var.github_repo}' && assertion.ref == 'refs/heads/main'"
+ # Allow authentication only from this repository and the dev/main deployment branches
+ attribute_condition = "assertion.repository == '${var.github_org}/${var.github_repo}' && (assertion.ref == 'refs/heads/dev' || assertion.ref == 'refs/heads/main')"
 oidc {
 issuer_uri = "https://token.actions.githubusercontent.com"
diff --git a/infra/staging.tfvars b/infra/staging.tfvars
index c924915..cd265d9 100644
--- a/infra/staging.tfvars
+++ b/infra/staging.tfvars
@@ -1,4 +1,2 @@
 project_id = "student-progress-staging"
 environment = "staging"
-github_org = "aga87"
-github_repo = "student-progress-api"
diff --git a/infra/variables.tf b/infra/variables.tf
index 357cdbe..2af3ed0 100644
--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -26,9 +26,11 @@ variable "db_name" {
 }
 variable "github_org" {
- type = string
+ type = string
+ default = "aga87"
 }
 variable "github_repo" {
- type = string
+ type = string
+ default = "student-progress-api"
 }
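Review bot: The widened `attribute_condition` in infra/iam.tf is hard-coded, so every environment that applies this provider now accepts tokens from `refs/heads/dev` as well as `refs/heads/main`; if a production workspace shares this file, a push to dev can obtain the same federated identity as a main deployment. Consider driving the allowed refs from a per-environment variable so production keeps `assertion.ref == 'refs/heads/main'`, or scoping the service-account binding by the already mapped `attribute.ref`. The condition also matches on the repository name, which can be renamed or re-registered; pinning `assertion.repository_id` alongside it is more robust. The resource body starts and ends outside the hunk, so any service-account bindings that would narrow this further are not visible here.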
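Review bot: `github_org` and `github_repo` in infra/variables.tf are interpolated into the workload identity provider's `attribute_condition`, and this hunk turns them into undocumented defaults with no validation. A workspace that omits them now silently trusts `aga87/student-progress-api`, and a value containing a quote character would alter the CEL expression instead of failing the plan. Add a `description` stating that these values define which repository may authenticate, and a `validation` block restricting the character set; the same applies to `github_repo` with the pattern `^[A-Za-z0-9._-]+$`.

```hcl
variable "github_org" {
  # … unchanged: type, default …
  description = "GitHub owner trusted by the workload identity provider's attribute_condition"

  validation {
    condition     = can(regex("^[A-Za-z0-9-]+$", var.github_org))
    error_message = "github_org must contain only letters, digits and hyphens."
  }
}
```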