diff --git a/access-token-provider-api/src/main/java/net/ihe/gazelle/app/accesstokenproviderapi/application/TokenGenerator.java b/access-token-provider-api/src/main/java/net/ihe/gazelle/app/accesstokenproviderapi/application/TokenGenerator.java
index 3fe9ee15cbc77103c6a26ad976046f7d751d2d8a..3bd9b28b25f470cc6b81a3099380cbbe1185375c 100644
--- a/access-token-provider-api/src/main/java/net/ihe/gazelle/app/accesstokenproviderapi/application/TokenGenerator.java
+++ b/access-token-provider-api/src/main/java/net/ihe/gazelle/app/accesstokenproviderapi/application/TokenGenerator.java
@@ -19,6 +19,8 @@ import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.time.ZoneId;
 import java.time.ZonedDateTime;
+import java.util.Arrays;
+import java.util.List;
 import java.util.UUID;
 
 /**
@@ -30,6 +32,7 @@ public class TokenGenerator {
     private static final String ISSUER = "https://ehealthsuisse.ihe-europe.net/access-token-provider";
     private static final TokenType TOKEN_TYPE = TokenType.JWT;
     private static final Duration DEFAULT_DURATION = Duration.ofMinutes(5);
+    private static final List<String> SUBJECTS = Arrays.asList("aamrein", "aerne");
 
     private AudienceSecretRetriever audienceSecretRetriever;
 
@@ -73,7 +76,7 @@ public class TokenGenerator {
             throw new TokenRequestException("Audience is null or empty");
         }
 
-        if (accessTokenRequest.getSubject() == null || !accessTokenRequest.getSubject().equals("aamrein")) {
+        if (accessTokenRequest.getSubject() == null || !SUBJECTS.contains(accessTokenRequest.getSubject())) {
             throw new TokenRequestException("Unsupported subject");
         }