diff --git a/client/allocrunner/consul_hook.go b/client/allocrunner/consul_hook.go
index e10cfccd9..b1385a737 100644
--- a/client/allocrunner/consul_hook.go
+++ b/client/allocrunner/consul_hook.go
@@ -98,19 +98,25 @@ func (h *consulHook) Prerun() error { } func (h *consulHook) prepareConsulTokensForTask(job *structs.Job, task *structs.Task, tgName string, tokens map[string]map[string]string) error { + var consulClusterName string + if task.Consul != nil && task.Consul.Cluster != "" { + consulClusterName = task.Consul.Cluster + } else { + consulClusterName = structs.ConsulDefaultCluster + } + + // get consul config + consulConfig := h.consulConfigs[consulClusterName] + // if UseIdentity is unset of set to false, quit - // FIXME Fetch from Task.Consul.Cluster once #18557 is in - consulConfig := h.consulConfigs[structs.ConsulDefaultCluster] if consulConfig.UseIdentity == nil || !*consulConfig.UseIdentity { return nil } - expectedIdentity := task.MakeUniqueIdentityName(tgName) - // get tokens for alt identities for Consul mErr := multierror.Error{} for _, i := range task.Identities { - if i.Name != expectedIdentity { + if i.Name != fmt.Sprintf("%s_%s", structs.ConsulTaskIdentityNamePrefix, consulClusterName) { continue }
@@ -134,8 +140,7 @@ func (h *consulHook) prepareConsulTokensForTask(job *structs.Job, task *structs. AuthMethodName: consulTasksAuthMethodName, } - // FIXME Fetch from Task.Consul.Cluster once #18557 is in - if err := h.getConsulTokens(structs.ConsulDefaultCluster, ti.IdentityName, tokens, req); err != nil { + if err := h.getConsulTokens(consulClusterName, ti.IdentityName, tokens, req); err != nil { return err } }
diff --git a/nomad/job_endpoint_hook_implicit_identities.go b/nomad/job_endpoint_hook_implicit_identities.go
index b06f5dcc7..570db53ce 100644
--- a/nomad/job_endpoint_hook_implicit_identities.go
+++ b/nomad/job_endpoint_hook_implicit_identities.go
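Review bot: An unknown cluster name reaches `consulConfig.UseIdentity` unchecked after the new `consulConfig := h.consulConfigs[consulClusterName]` lookup; the key now comes from the job's own `task.Consul.Cluster`, so if the map holds pointers this is a nil dereference, and if it holds values the hook silently returns nil and the task starts without the Consul token it declared. Make the miss explicit: `consulConfig, ok := h.consulConfigs[consulClusterName]` / `if !ok { return fmt.Errorf("consul cluster %q is not configured on this client", consulClusterName) }`. The `fmt.Sprintf("%s_%s", ...)` inside the loop rebuilds the exact string that the `(*Consul).IdentityName` method added in this diff produces, so `expectedIdentity := task.Consul.IdentityName()` computed once before the loop keeps the two in step; the same `consulClusterName` also feeds `getConsulTokens` in the -134 hunk. With `MakeUniqueIdentityName` gone, the `tgName` parameter appears unused unless it is referenced beyond the hunks; prepareConsulTokensForTask continues past both hunks.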
@@ -9,11 +9,6 @@ import ( "github.com/hashicorp/nomad/nomad/structs" ) -const ( - consulServiceIdentityNamePrefix = "consul-service" - consulTaskIdentityNamePrefix = "consul" ) - // jobImplicitIdentitiesHook adds implicit `identity` blocks for external // services, like Consul and Vault. type jobImplicitIdentitiesHook struct {
@@ -35,7 +30,7 @@ func (h jobImplicitIdentitiesHook) Mutate(job *structs.Job) (*structs.Job, []err h.handleConsulService(s) } if len(t.Templates) > 0 { - h.handleConsulTasks(t, tg.Name) + h.handleConsulTasks(t) } h.handleVault(t) }
@@ -75,19 +70,18 @@ func (h jobImplicitIdentitiesHook) handleConsulService(s *structs.Service) { // Set the expected identity name and service name. name := s.MakeUniqueIdentityName() - serviceWID.Name = fmt.Sprintf("%s/%s", consulServiceIdentityNamePrefix, name) + serviceWID.Name = fmt.Sprintf("%s_%s", structs.ConsulServiceIdentityNamePrefix, name) serviceWID.ServiceName = s.Name s.Identity = serviceWID } -func (h jobImplicitIdentitiesHook) handleConsulTasks(t *structs.Task, taskGroup string) { +func (h jobImplicitIdentitiesHook) handleConsulTasks(t *structs.Task) { if !h.srv.config.UseConsulIdentity() { return } - name := t.MakeUniqueIdentityName(taskGroup) - widName := fmt.Sprintf("%s/%s", consulTaskIdentityNamePrefix, name) + widName := t.Consul.IdentityName() // Use the Consul identity specified in the task if present for _, wid := range t.Identities {
diff --git a/nomad/job_endpoint_hook_implicit_identities_test.go b/nomad/job_endpoint_hook_implicit_identities_test.go
index 19a327d24..8a4b10551 100644
--- a/nomad/job_endpoint_hook_implicit_identities_test.go
+++ b/nomad/job_endpoint_hook_implicit_identities_test.go
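Review bot: `widName := t.Consul.IdentityName()` in handleConsulTasks (the -75 hunk) is a method call through a `t.Consul` that may be nil, and it only works because the new `IdentityName` checks `c != nil` on its receiver; that contract is invisible at the call site and easy to break in a later edit. Name it where it is relied on, e.g. `// t.Consul may be nil; IdentityName tolerates a nil receiver and falls back to the default cluster`, or guard explicitly with `if t.Consul == nil { ... }` before the call. handleConsulTasks's loop over `t.Identities` continues outside the hunk.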
@@ -150,7 +150,7 @@ func Test_jobImplicitIndentitiesHook_Mutate_consul_service(t *testing.T) { TaskName: "task", PortLabel: "80", Identity: &structs.WorkloadIdentity{ - Name: "consul-service/task-web-80", + Name: "consul-service_task-web-80", Audience: []string{"consul.io", "nomad.dev"}, File: true, Env: false,
@@ -162,7 +162,7 @@ func Test_jobImplicitIndentitiesHook_Mutate_consul_service(t *testing.T) { TaskName: "task", PortLabel: "80", Identity: &structs.WorkloadIdentity{ - Name: "consul-service/task-web-80", + Name: "consul-service_task-web-80", Audience: []string{"consul.io", "nomad.dev"}, File: true, Env: false,
@@ -177,7 +177,7 @@ func Test_jobImplicitIndentitiesHook_Mutate_consul_service(t *testing.T) { TaskName: "task", PortLabel: "80", Identity: &structs.WorkloadIdentity{ - Name: "consul-service/task-web-task-80", + Name: "consul-service_task-web-task-80", Audience: []string{"consul.io", "nomad.dev"}, File: true, Env: false,
@@ -224,7 +224,7 @@ func Test_jobImplicitIndentitiesHook_Mutate_consul_service(t *testing.T) { Name: "web", TaskName: "task", Identity: &structs.WorkloadIdentity{ - Name: "consul-service/task-web-80", + Name: "consul-service_task-web-80", Audience: []string{"consul.io"}, ServiceName: "web", },
@@ -236,7 +236,7 @@ func Test_jobImplicitIndentitiesHook_Mutate_consul_service(t *testing.T) { Name: "web-task", TaskName: "task", Identity: &structs.WorkloadIdentity{ - Name: "consul-service/task-web-task-80", + Name: "consul-service_task-web-task-80", Audience: []string{"consul.io"}, ServiceName: "web-task", },
@@ -271,7 +271,7 @@ func Test_jobImplicitIndentitiesHook_Mutate_consul_service(t *testing.T) { Name: "web-task", Templates: []*structs.Template{{}}, Identities: []*structs.WorkloadIdentity{{ - Name: "consul/group-web-task", + Name: "consul_default", Audience: []string{"consul.io"}, }}, }},
diff --git a/nomad/job_endpoint_hooks_test.go b/nomad/job_endpoint_hooks_test.go
index a679db8d6..8d02a63a7 100644
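Review bot: The updated expectation `Name: "consul_default"` in the -271 hunk only exercises the fallback branch of the new cluster-derived task identity name; none of the visible cases sets `Consul: &structs.Consul{Cluster: ...}` on the task, so a regression in the non-default path would pass these tests. One more case with a task whose `Consul.Cluster` is set to a constructed name such as `"other"` and an expected identity of `consul_other` would cover it. The test function starts before the hunk, so a case may exist outside this view.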
--- a/nomad/job_endpoint_hooks_test.go
+++ b/nomad/job_endpoint_hooks_test.go
@@ -61,7 +61,7 @@ func Test_jobValidate_Validate_consul_service(t *testing.T) { Provider: "consul", Name: "web", Identity: &structs.WorkloadIdentity{ - Name: "consul-service/web", + Name: "consul-service_web", Audience: []string{"consul.io"}, File: true, Env: false,
@@ -81,7 +81,7 @@ func Test_jobValidate_Validate_consul_service(t *testing.T) { Provider: "consul", Name: "web", Identity: &structs.WorkloadIdentity{ - Name: "consul-service/web", + Name: "consul-service_web", Audience: []string{"consul.io"}, File: true, Env: false,
@@ -103,7 +103,7 @@ func Test_jobValidate_Validate_consul_service(t *testing.T) { Provider: "consul", Name: "web", Identity: &structs.WorkloadIdentity{ - Name: fmt.Sprintf("%s/web", consulServiceIdentityNamePrefix), + Name: fmt.Sprintf("%s_web", structs.ConsulServiceIdentityNamePrefix), Audience: []string{"consul.io"}, File: true, Env: false,
diff --git a/nomad/structs/consul.go b/nomad/structs/consul.go
index 039993de9..5b73a710a 100644
--- a/nomad/structs/consul.go
+++ b/nomad/structs/consul.go
@@ -12,6 +12,13 @@ const ( // ConsulDefaultCluster is the name used for the Consul cluster that doesn't // have a name. ConsulDefaultCluster = "default" + + // ConsulServiceIdentityNamePrefix is used in naming identities of consul + // services + ConsulServiceIdentityNamePrefix = "consul-service" + + // ConsulTaskIdentityNamePrefix is used in naming identities of consul tasks + ConsulTaskIdentityNamePrefix = "consul" ) // Consul represents optional per-group consul configuration.
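Review bot: The doc comments on `ConsulServiceIdentityNamePrefix` and `ConsulTaskIdentityNamePrefix` in the consul.go -12 hunk do not say how the prefix is joined to the rest of the name, yet three call sites in this diff hard-code the `_` separator and consul_hook.go matches identities on the exact result. State the format where the constants live, e.g. `// ConsulTaskIdentityNamePrefix is the prefix of the workload identity name a task uses to obtain a Consul token; the full name is "<prefix>_<cluster>", see (*Consul).IdentityName.` and `// ConsulServiceIdentityNamePrefix is the prefix of a Consul service's workload identity name; the full name is "<prefix>_<service identity name>".` Both new comments also lack the terminating period that the neighbouring `ConsulDefaultCluster` comment uses.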
@@ -55,6 +62,19 @@ func (c *Consul) Validate() error { return nil } +// IdentityName returns the name of the workload identity to be used to access +// this Consul cluster. +func (c *Consul) IdentityName() string { + var clusterName string + if c != nil && c.Cluster != "" { + clusterName = c.Cluster + } else { + clusterName = ConsulDefaultCluster + } + + return fmt.Sprintf("%s_%s", ConsulTaskIdentityNamePrefix, clusterName) +} + var ( // validConsulVaultClusterName is the rule used to validate a Consul or // Vault cluster name.
diff --git a/nomad/structs/structs.go b/nomad/structs/structs.go
index 70a735654..ce0826655 100644
--- a/nomad/structs/structs.go
+++ b/nomad/structs/structs.go
@@ -7666,12 +7666,6 @@ func (t *Task) GetIdentity(name string) *WorkloadIdentity { return nil } -// MakeUniqueIdentityName returns a task identity name consisting of: task -// group name and task name. -func (t *Task) MakeUniqueIdentityName(taskGroup string) string { - return fmt.Sprintf("%v-%v", taskGroup, t.Name) -} - // IdentityHandle returns a WorkloadIdentityHandle which is a pair of unique WI // name and task name. func (t *Task) IdentityHandle(identity *WorkloadIdentity) *WIHandle {
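Review bot: The doc comment on `IdentityName` omits the receiver contract that handleConsulTasks in job_endpoint_hook_implicit_identities.go now depends on: the method is deliberately safe on a nil `*Consul` and then yields the default-cluster name, which is why the body tests `c != nil`. Add `// IdentityName is safe to call on a nil receiver; a nil or unnamed cluster resolves to ConsulDefaultCluster.` so the guard is not removed as dead code later. Since only two fixed pieces are joined, `return ConsulTaskIdentityNamePrefix + "_" + clusterName` does the same without the `fmt.Sprintf` formatting pass. The structs.go hunk on this line is a pure deletion.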