diff --git a/dev-infrastructure/Makefile b/dev-infrastructure/Makefile
index 55708e445..e09461cbd 100644
--- a/dev-infrastructure/Makefile
+++ b/dev-infrastructure/Makefile
@@ -69,11 +69,11 @@ cleanup-orphaned-rolebindings:
 first-party-identity: # hardcoded name, since there should be only one in the global RG
 	az deployment group create \
 		--name "aro-hcp-dev-first-party" \
-		--resource-group $(GLOBAL_RESOURCEGROUP) \
+		--resource-group $(RESOURCEGROUP) \
 		--template-file templates/first-party-identity.bicep $(PROMPT_TO_CONFIRM) \
 		--parameters configurations/mvp-first-party.bicepparam
 	APPLICATION_NAME=aro-hcp-dev-first-party \
-	KEY_VAULT_NAME=aro-hcp-dev-global-kv \
+	KEY_VAULT_NAME=service-kv-aro-hcp-dev \
 	CERTIFICATE_NAME=firstPartyMock \
 	ROLE_DEFINITION_NAME=dev-first-party-mock \
 	SUBSCRIPTION_ID=$(shell az account show --query id --output tsv) \
diff --git a/dev-infrastructure/configurations/mvp-first-party.bicepparam b/dev-infrastructure/configurations/mvp-first-party.bicepparam
index 0b5c326e5..aff8eb497 100644
--- a/dev-infrastructure/configurations/mvp-first-party.bicepparam
+++ b/dev-infrastructure/configurations/mvp-first-party.bicepparam
@@ -1,4 +1,4 @@
 using '../templates/first-party-identity.bicep'
 
 param kvCertOfficerManagedIdentityName = 'aro-hcp-dev-first-party'
-param globalKeyVaultName = 'aro-hcp-dev-global-kv'
+param globalKeyVaultName = 'service-kv-aro-hcp-dev'
diff --git a/dev-infrastructure/modules/first-party-identity.bicep b/dev-infrastructure/modules/first-party-identity.bicep
index 503635fe5..b9e6d3205 100644
--- a/dev-infrastructure/modules/first-party-identity.bicep
+++ b/dev-infrastructure/modules/first-party-identity.bicep
@@ -86,6 +86,7 @@ resource customRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
     assignableScopes: [
       subscription().id
       subscriptionResourceId('Microsoft.Resources/resourceGroups/', 'global')
+      subscriptionResourceId('Microsoft.Resources/resourceGroups/', 'aro-hcp-dev-westus3-sc')
     ]
   }
 }