diff --git a/themes/MUG/invenio.cfg b/themes/MUG/invenio.cfg
index ba13659..9a292ff 100644
--- a/themes/MUG/invenio.cfg
+++ b/themes/MUG/invenio.cfg
@@ -384,6 +384,15 @@ _keycloak_helper = KeycloakSettingsHelper(
     legacy_url_path=False
 )
 
+_cyverse_keycloak_helper = KeycloakSettingsHelper(
+    title="CyVerse",
+    description="CyVerse",
+    base_url="https://keycloak.cyverse.at",
+    realm="CyVerse",
+    app_key="CYVERSE_KEYCLOAK_APP_CREDENTIALS",
+    legacy_url_path=False,
+)
+
 OAUTHCLIENT_KEYCLOAK_REALM_URL = _keycloak_helper.realm_url
 OAUTHCLIENT_KEYCLOAK_USER_INFO_URL = _keycloak_helper.user_info_url
 OAUTHCLIENT_KEYCLOAK_VERIFY_EXP = True  # whether to verify the expiration date of tokens
@@ -391,7 +400,12 @@ OAUTHCLIENT_KEYCLOAK_VERIFY_AUD = True  # whether to verify the audience tag for
 OAUTHCLIENT_KEYCLOAK_AUD = "inveniordm"  # probably the same as the client ID
 OAUTHCLIENT_KEYCLOAK_USER_INFO_FROM_ENDPOINT = True
 
-OAUTHCLIENT_REMOTE_APPS = {"keycloak": _keycloak_helper.remote_app}
+OAUTHCLIENT_REMOTE_APPS = {
+    "keycloak": _keycloak_helper.remote_app,
+    # Enable when needed (see docs: multiple keycloak authentication providers):
+    # "cyverse": _cyverse_keycloak_helper.remote_app,
+}
 
 ## SET THE CREDENTIALS via .env
 # INVENIO_KEYCLOAK_APP_CREDENTIALS={'consumer_key':'<YOUR.CLIENT.ID>','consumer_secret': '<YOUR.CLIENT.CREDENTIALS.SECRET>'}
+# INVENIO_CYVERSE_KEYCLOAK_APP_CREDENTIALS={'consumer_key':'<YOUR.CLIENT.ID>','consumer_secret': '<YOUR.CLIENT.CREDENTIALS.SECRET>'}