diff --git a/README.rst b/README.rst
index e74176faf91e..95fd45353711 100644
--- a/README.rst
+++ b/README.rst
@@ -124,6 +124,21 @@ sites)::
   ./manage.py lms collectstatic
   ./manage.py cms collectstatic
 
+Setup Studio SSO for Development::
+
+  ./manage.py lms manage_user studio_worker example@example.com --unusable-password
+  # The command below creates the application that studio uses to login. For
+  # convenience the command below sets up the application with the development
+  # mode default values for the client-id and client secret. For production
+  # system do not provide the id and sceret. They will be created by the command
+  # to be random and cryptographically strong. In a production system, after you
+  # run this command, you will need to login to the django admin
+  # (eg. http://localhost:18000/admin/oauth2_provider/application/) site to view the
+  # credentials and set them in the config for your production studio deployment
+  # using the `SOCIAL_AUTH_EDX_OAUTH2_KEY` and `SOCIAL_AUTH_EDX_OAUTH2_SECRET`
+  # values in your studio settings.
+  ./manage.py lms create_dot_application --grant-type authorization-code --skip-authorization --redirect-uris "http://localhost:18010/complete/edx-oauth2/" --scopes "user_id" studio-sso studio_worker --client-id studio-sso-key --client-secret studio-sso-secret
+
 Run the Platform
 ----------------
 
@@ -131,11 +146,11 @@ First, ensure MySQL, Mongo, and Memcached are running.
 
 Start the LMS::
 
-  ./manage.py lms runserver
+  ./manage.py lms runserver 18000
 
 Start the CMS::
 
-  ./manage.py cms runserver
+  ./manage.py cms runserver 18010
 
 This will give you a mostly-headless Open edX platform. Most frontends have
 been migrated to "Micro-Frontends (MFEs)" which need to be installed and run
diff --git a/cms/envs/devstack.py b/cms/envs/devstack.py
index e944d67eda1b..1d3a510cdc4c 100644
--- a/cms/envs/devstack.py
+++ b/cms/envs/devstack.py
@@ -267,7 +267,8 @@ def should_show_debug_toolbar(request):  # lint-amnesty, pylint: disable=missing
 ################ Using LMS SSO for login to Studio ################
 SOCIAL_AUTH_EDX_OAUTH2_KEY = 'studio-sso-key'
 SOCIAL_AUTH_EDX_OAUTH2_SECRET = 'studio-sso-secret'  # in stage, prod would be high-entropy secret
-SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = 'http://edx.devstack.lms:18000'  # routed internally server-to-server
+# routed internally server-to-server
+SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = ENV_TOKENS.get('SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT', 'http://edx.devstack.lms:18000')
 SOCIAL_AUTH_EDX_OAUTH2_PUBLIC_URL_ROOT = 'http://localhost:18000'  # used in browser redirect
 
 # Don't form the return redirect URL with HTTPS on devstack
diff --git a/lms/envs/minimal.yml b/lms/envs/minimal.yml
index d455d1f3dbf8..51d7bbf499c4 100644
--- a/lms/envs/minimal.yml
+++ b/lms/envs/minimal.yml
@@ -36,3 +36,6 @@ LMS_INTERNAL_ROOT_URL: "http://localhost"
 
 # So that Swagger config code doesn't complain
 API_ACCESS_MANAGER_EMAIL: "api-access@example.com"
+
+# So that you can login to studio on bare-metal
+SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT: 'http://localhost:18000'