diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index f16efc18f..a221d88fa 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -285,12 +285,12 @@ SERVER_EMAIL = "root@get.gov"
 
 # Content-Security-Policy configuration
 # this can be restrictive because we have few external scripts
-allowed_sources = ("'self'", "https://idp.int.identitysandbox.gov", "https://idp.int.identitysandbox.gov/openid_connect/logout")
+allowed_sources = ("'self'")
 CSP_DEFAULT_SRC = allowed_sources
 # Most things fall back to default-src, but these two do not and should be
 # explicitly set
 CSP_FRAME_ANCESTORS = allowed_sources
-CSP_FORM_ACTION = allowed_sources
+CSP_FORM_ACTION = ("'self'", "https://idp.int.identitysandbox.gov/openid_connect/logout")
 
 
 # Content-Length header is set by django.middleware.common.CommonMiddleware
diff --git a/src/registrar/config/urls.py b/src/registrar/config/urls.py
index 6159b387b..ad3883f4f 100644
--- a/src/registrar/config/urls.py
+++ b/src/registrar/config/urls.py
@@ -47,7 +47,7 @@ urlpatterns = [
     path("", views.index, name="home"),
     path(
         "admin/logout/",
-        RedirectView.as_view(url="/openid/logout", permanent=False),
+        RedirectView.as_view(pattern_name="logout", permanent=False),
     ),
     path("admin/", admin.site.urls),
     path(
@@ -125,11 +125,6 @@ if not settings.DEBUG:
         path(
             "admin/login/",
             RedirectView.as_view(pattern_name="login", permanent=False)
         ),
-        # redirect to login.gov
-        path(
-            "admin/logout/",
-            RedirectView.as_view(pattern_name="logout", permanent=False),
-        ),
     ]
 
 # we normally would guard these with `if settings.DEBUG` but tests run with
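Review bot: The new `allowed_sources = ("'self'")` in the settings.py hunk is not a one-element tuple — Python evaluates parentheses without a trailing comma as the bare string `"'self'"`, so CSP_DEFAULT_SRC and CSP_FRAME_ANCESTORS now receive a str where the old code passed a tuple. If the CSP layer joins the value with spaces, as django-csp does for source lists, the emitted directive becomes the individual characters of the string rather than `'self'`, which is a malformed policy that browsers will not enforce as intended. The fix is the trailing comma: `allowed_sources = ("'self'",)`. Since CSP_FORM_ACTION is now the only directive that diverges from the shared value, a comment on that line such as `# form-action is widened beyond 'self' only for the OpenID Connect logout endpoint` would record why it no longer reuses allowed_sources.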
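Review bot: In the first urls.py hunk, `pattern_name="logout"` is resolved with reverse() on each request, so if no URL named `logout` is registered in a given configuration the failure surfaces as a NoReverseMatch on the first visit to admin/logout/ rather than at startup; a comment naming where that route is defined would make the dependency visible, e.g. `# "logout" is the app's named logout route, not the admin's built-in logout view`. The duplicate entry removed from the `if not settings.DEBUG:` block (the last hunk) carried the only explanation of the redirect, "redirect to login.gov", and that comment is now lost; consider moving it to this entry. The enclosing urlpatterns list starts and ends outside the hunk.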