diff --git a/EnvelopeGenerator.API/AuthScheme.cs b/EnvelopeGenerator.API/AuthScheme.cs
index 5f2a2699..96e3b90d 100644
--- a/EnvelopeGenerator.API/AuthScheme.cs
+++ b/EnvelopeGenerator.API/AuthScheme.cs
@@ -8,5 +8,10 @@ public static class AuthScheme
 ///
 /// Scheme name used for per-envelope receiver JWT authentication.
 ///
- public const string Receiver = "EnvelopeGenerator.API.EnvelopeReceiverJwt";
+ public const string Receiver = "EnvelopeGenerator.API.ReceiverJWT";
+
+ ///
+ /// Scheme name used for per-envelope sender JWT authentication.
+ ///
+ public const string Sender = "EnvelopeGenerator.API.SenderJWT";
 }
diff --git a/EnvelopeGenerator.API/Program.cs b/EnvelopeGenerator.API/Program.cs
index fdcbd4c0..2ea3ce27 100644
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -136,7 +136,7 @@ try
 options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
 options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
 })
- .AddJwtBearer(opt =>
+ .AddJwtBearer(AuthScheme.Sender, opt =>
 {
 opt.TokenValidationParameters = new TokenValidationParameters
 {
@@ -240,13 +240,13 @@ try
 builder.Services.AddAuthorizationBuilder()
 .AddPolicy(AuthPolicy.SenderOrReceiver, policy => policy.RequireRole(Role.Sender, Role.Receiver.Full))
- .AddPolicy(AuthPolicy.Sender, policy => policy.RequireRole(Role.Sender))
-
+ .AddPolicy(AuthPolicy.Sender, policy => policy
+ .RequireRole(Role.Sender)
+ .AddAuthenticationSchemes(AuthScheme.Sender))
 .AddPolicy(AuthPolicy.Receiver, policy => policy
 .AddAuthenticationSchemes(AuthScheme.Receiver)
 .RequireAuthenticatedUser()
 .RequireRole(Role.Receiver.Full, "receiver"))
-
 .AddPolicy(AuthPolicy.ReceiverTFA, policy => policy.RequireRole(Role.Receiver.TFA));
 // User manager
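Review bot: The two context lines above the renamed registration still set `options.DefaultAuthenticateScheme` and `options.DefaultChallengeScheme` to `JwtBearerDefaults.AuthenticationScheme`, but the handler is now registered under `AuthScheme.Sender`. Unless another handler is registered under the default "Bearer" name outside this hunk, the defaults point at a scheme with no handler. Any endpoint or policy that does not name a scheme would then fail at authentication instead of validating the sender token. I would align the defaults with the new name, `options.DefaultAuthenticateScheme = AuthScheme.Sender;` and `options.DefaultChallengeScheme = AuthScheme.Sender;`, or remove the defaults on purpose and make every policy name its scheme. The `AddAuthentication` call and the JwtBearer options body both continue outside the hunk.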
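Review bot: `AuthPolicy.SenderOrReceiver` and `AuthPolicy.ReceiverTFA` still call only `RequireRole(...)` with no `AddAuthenticationSchemes`, so they are evaluated against the default scheme, not the named `AuthScheme.Sender` / `AuthScheme.Receiver` handlers that now validate the tokens. As far as this diff shows, a request carrying a valid sender or receiver token would reach those two policies without the matching principal and be rejected, or worse, be decided by whatever the default scheme accepts. For the combined policy I would add `.AddAuthenticationSchemes(AuthScheme.Sender, AuthScheme.Receiver)`; for `ReceiverTFA` the issuing scheme is not visible here (presumably `AuthScheme.Receiver`) and should be confirmed and pinned the same way. For parity with the Receiver policy, `AuthPolicy.Sender` could also state `.RequireAuthenticatedUser()` explicitly, so that each policy carries scheme, authentication and role requirements in one place.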