diff --git a/controller/enable.go b/controller/enable.go
index dd6bba26..0e328a9a 100644
--- a/controller/enable.go
+++ b/controller/enable.go
@@ -31,7 +31,7 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
 		logrus.Errorf("error getting edge client: %v", err)
 		return environment.NewEnableInternalServerError()
 	}
-	ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(principal.Email, params.Body.Description, client)
+	ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(principal.Token, principal.Email, params.Body.Description, client)
 	if err != nil {
 		logrus.Error(err)
 		return environment.NewEnableInternalServerError()
diff --git a/controller/zrokEdgeSdk/identity.go b/controller/zrokEdgeSdk/identity.go
index 35be16c4..9cb955f3 100644
--- a/controller/zrokEdgeSdk/identity.go
+++ b/controller/zrokEdgeSdk/identity.go
@@ -12,10 +12,10 @@ import (
 	"time"
 )
 
-func CreateEnvironmentIdentity(accountEmail, envDescription string, edge *rest_management_api_client.ZitiEdgeManagement) (*identity.CreateIdentityCreated, error) {
+func CreateEnvironmentIdentity(secretToken, accountEmail, envDescription string, edge *rest_management_api_client.ZitiEdgeManagement) (*identity.CreateIdentityCreated, error) {
 	identityType := rest_model_edge.IdentityTypeUser
 	moreTags := map[string]interface{}{"zrokEmail": accountEmail}
-	return CreateIdentity(accountEmail+"-"+envDescription, identityType, moreTags, edge)
+	return CreateIdentity(accountEmail+"-"+secretToken+"-"+envDescription, identityType, moreTags, edge)
 }
 
 func CreateIdentity(name string, identityType rest_model_edge.IdentityType, addlTags map[string]interface{}, edge *rest_management_api_client.ZitiEdgeManagement) (*identity.CreateIdentityCreated, error) {