diff --git a/README.md b/README.md
index 63ee677..83b1785 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,12 @@ accounts:
 appID: onelogin app id (e.g. 123456)
 accountID: AWS account ID
 profileName: AWS IAM profile to store credentials in (in ~/.aws/credentials)
+ - name: myapp-dev
+ appIDsByRole: # optional, if you use different OneLogin apps for different roles
+ iam-role-1: onelogin app id (e.g. 123456)
+ iam-role-2: onelogin app id (e.g. 123456)
+ accountID: AWS account ID
+ profileName: AWS IAM profile to store credentials in (in ~/.aws/credentials)
 roles:
 - iam-role-1 # role that is configured in onelogin and IAM to use with the onelogin identity provider
 - iam-role-2
diff --git a/cmd/login.go b/cmd/login.go
index ff53091..e549e3a 100644
--- a/cmd/login.go
+++ b/cmd/login.go
@@ -55,7 +55,8 @@ var loginCmd = &cobra.Command{
 fmt.Println("Role: ", config.Roles[*role])
 fmt.Println("Account: ", config.Accounts[*account].Name)
 }
- appID := config.Accounts[*account].AppID
+
+ appID := config.Accounts[*account].GetAppID(config.Roles[*role])
 //Get OneLogin access Token
 token, err := onelogin.GetAccessToken(config.Onelogin.ClientID, config.Onelogin.ClientSecret)
diff --git a/cmd/root.go b/cmd/root.go
index 69684ca..776dfa6 100644
--- a/cmd/root.go
+++ b/cmd/root.go
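Review bot: In cmd/login.go the value returned by `GetAppID(config.Roles[*role])` is used without checking that it is non-empty. The method added in cmd/root.go falls back to `AppID` when the role has no entry in `AppIDsByRole`, and the new example account sets only `appIDsByRole`, so a role missing from that map would yield "" and the login would apparently carry on with an empty OneLogin app ID. Because this value decides which OneLogin app the credentials are requested through, I would fail early with a message naming the role and account, for example `if appID == "" { fmt.Println("no OneLogin app ID configured for role", config.Roles[*role]); return }`, or whatever failure path the command already uses. The enclosing command function starts and ends outside the hunk.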
@@ -27,11 +27,21 @@ type OneLoginConf struct {
 AccountName string `yaml:"onelogin-account"`
 }
 type Account struct {
- Name string `yaml:"name"`
- AppID string `yaml:"appID"`
- AccountID string `yaml:"accountID"`
- ProfileName string `yaml:"profileName"`
- DurationSeconds int64 `yaml:"durationSeconds"`
+ Name string `yaml:"name"`
+ AppID string `yaml:"appID"`
+ AppIDsByRole map[string]string `yaml:"appIDsByRole"`
+ AccountID string `yaml:"accountID"`
+ ProfileName string `yaml:"profileName"`
+ DurationSeconds int64 `yaml:"durationSeconds"`
+}
+
+func (a *Account) GetAppID(role string) string {
+ if a.AppIDsByRole != nil {
+ if appID, ok := a.AppIDsByRole[role]; ok {
+ return appID
+ }
+ }
+ return a.AppID
 }
 var config Config
diff --git a/config.yaml.example b/config.yaml.example
index cee139e..0756922 100644
--- a/config.yaml.example
+++ b/config.yaml.example
@@ -7,6 +7,13 @@ accounts:
 appID: onelogin app id (e.g. 123456)
 accountID: AWS account ID
 profileName: AWS IAM profile to store credentials in (in ~/.aws/credentials)
+
+ - name: myapp-dev
+ appIDsByRole: # optional, if you use different OneLogin apps for different roles
+ iam-role-1: onelogin app id (e.g. 123456)
+ iam-role-2: onelogin app id (e.g. 123456)
+ accountID: AWS account ID
+ profileName: AWS IAM profile to store credentials in (in ~/.aws/credentials)
 roles:
 - iam-role-1 # role that is configured in onelogin and IAM to use with the onelogin identity provider
 - iam-role-2
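Review bot: `GetAppID` in cmd/root.go returns whatever value the map holds for the role, so an `appIDsByRole` entry left blank in the YAML (which presumably decodes to an empty string) would override a valid `appID` with "". Tightening the lookup to `if appID, ok := a.AppIDsByRole[role]; ok && appID != "" { return appID }` keeps the fallback working, and the outer `a.AppIDsByRole != nil` check can then go, since indexing a nil map is safe in Go. The exported method also has no doc comment; I would add `// GetAppID returns the OneLogin app ID configured for role in AppIDsByRole, falling back to AppID when the role has no entry.` The fallback is silent, so when both fields are set a misspelled role key would go through the default app without any message.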