diff --git a/README.md b/README.md
index 3eac8e2..49fc399 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,6 @@ For now, here is the very rough documentation:
     - See https://developers.google.com/api-client-library/php/auth/web-app
     - place the client secrets file inside the google-auth/ plugin directory
 4. This plugin allows you to filter access based on domain (i.e. only @mydomain.com addresses)
-    - Edit define('APPROVED_DOMAIN', "mydomain.com");
-    - If you want anyone with a Google account to get in (you probably don't want that), set to *
-        - i.e. define('APPROVED_DOMAIN', "*");
+    - Set the domains as an env variable, e.g.
+    `export APPROVED_DOMAINS="one_domain.com,another_domain.com,a_third_domain.com"`
+    - Alternatively, you can hard-code the domains directly on line 89 of plugin.php
diff --git a/plugin.php b/plugin.php
index 2cf5afc..1274253 100644
--- a/plugin.php
+++ b/plugin.php
@@ -86,7 +86,7 @@ function atomarch_check_domain($google_client) {
 
     // List of domains that have permission to login. Use "*"" to allow access from any google account
     //$APPROVED_DOMAINS = array("domain1.com", "domain2.com");
-    $APPROVED_DOMAINS = array("*");
+    $APPROVED_DOMAINS = array_map("trim", explode(",", getenv('APPROVED_DOMAINS')) ?: "*");
 
     if (in_array("*", $APPROVED_DOMAINS)) {
         return true;