diff --git a/dynamicweb/settings/base.py b/dynamicweb/settings/base.py
index 27909813..1051c4ab 100644
--- a/dynamicweb/settings/base.py
+++ b/dynamicweb/settings/base.py
@@ -721,7 +721,7 @@ X_FRAME_OPTIONS = ('SAMEORIGIN' if X_FRAME_OPTIONS_ALLOW_FROM_URI is None else
 
 DEBUG = bool_env('DEBUG')
 
-ACCOUNT_NAME = env('ACCOUNT_NAME')
+READ_VM_REALM = env('READ_VM_REALM')
 AUTH_NAME = env('AUTH_NAME')
 AUTH_SEED = env('AUTH_SEED')
 AUTH_REALM = env('AUTH_REALM')
diff --git a/hosting/views.py b/hosting/views.py
index 88adaf22..cd6aa4f3 100644
--- a/hosting/views.py
+++ b/hosting/views.py
@@ -1773,7 +1773,7 @@ class CheckUserVM(APIView):
             user = request.data['user']
             realm = request.data['realm']
             token = request.data['token']
-            if user != settings.ACCOUNT_NAME:
+            if realm != settings.READ_VM_REALM:
                 return Response("User not allowed", 403)
             response = check_otp(user, realm, token)
             if response != 200: