diff --git a/ansible/playbooks/usermgmt/create-users-groups.yml b/ansible/playbooks/usermgmt/create-users-groups.yml
index 073253ca..ce15812e 100644
--- a/ansible/playbooks/usermgmt/create-users-groups.yml
+++ b/ansible/playbooks/usermgmt/create-users-groups.yml
@@ -25,10 +25,15 @@ tasks:
     - name: Create users
       ansible.builtin.include_tasks: tasks/add-user-ipa.yml
-      loop: "{{ hostvars['localhost']['userdata'] | dict2items }}"
-      when: hostvars['localhost']['userdata'] is defined
+      loop: "{{ hostvars['localhost']['userdata'] | default({}) | dict2items }}"
     - name: Create groups
       ansible.builtin.include_tasks: tasks/add-group-ipa.yml
-      loop: "{{ hostvars['localhost']['groupdata'] | dict2items }}"
-      when: hostvars['localhost']['groupdata'] is defined
+      loop: "{{ hostvars['localhost']['groupdata'] | default({}) | dict2items }}"
+
+- hosts: bastion_hosts
+  gather_facts: false
+  tasks:
+    - name: Create users
+      ansible.builtin.include_tasks: tasks/add-user-bastion.yml
+      loop: "{{ hostvars['localhost']['userdata'] | default({}) | dict2items }}"
diff --git a/ansible/playbooks/usermgmt/tasks/add-user-bastion.yml b/ansible/playbooks/usermgmt/tasks/add-user-bastion.yml
new file mode 100644
index 00000000..23cb87da
--- /dev/null
+++ b/ansible/playbooks/usermgmt/tasks/add-user-bastion.yml
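Review bot: The three `loop:` lines over `dict2items` (the two rewritten ones and the one in the new `bastion_hosts` play) use each user's or group's whole record as the loop label, so every iteration echoes the full `userdata` entry — including any `ssh_public_key` list — into the play output and any log shipped from the controller; add `loop_control:` with `label: "{{ item.key }}"` under each loop so only the key is printed. The enclosing play for the first two tasks starts above the hunk. The new play reads `hostvars['localhost']['userdata']`, which is presumably populated by an earlier localhost play outside this hunk; with `default({})` a run in which that play did not set it now iterates zero times without any signal, so an `ansible.builtin.assert` on `hostvars['localhost']['userdata'] is defined` at the top of the play would make that failure mode visible if it is not an expected case.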
@@ -0,0 +1,33 @@
+---
+- name: Create a temp file to hold the user data
+  ansible.builtin.tempfile:
+    prefix: "usermgmt."
+    suffix: ".userdata"
+    state: file
+  register: usermgmt_tempfile
+
+- name: Populate the tempfile
+  vars:
+    user_list:
+      - username: "{{ item['value']['username'] }}"
+        ssh_public_key: "{{ item['value']['ssh_public_key'] | default([]) }}"
+  ansible.builtin.template:
+    dest: "{{ usermgmt_tempfile['path'] }}"
+    src: templates/usermgmt_file.j2
+    mode: "0600"
+  when: usermgmt_tempfile['path'] is defined
+
+- name: Create the user on the bastion host
+  ansible.builtin.command:
+    argv:
+      - sudo
+      - /root/bin/ikimuseradd.sh
+      - "{{ usermgmt_tempfile['path'] }}"
+    creates: "/home/{{ item['value']['username'] }}"
+  when: usermgmt_tempfile['path'] is defined
+
+- name: Delete the temp file
+  ansible.builtin.file:
+    path: "{{ usermgmt_tempfile['path'] }}"
+    state: absent
+  when: usermgmt_tempfile['path'] is defined
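Review bot: The temp file holding the rendered user record is only removed when every preceding task succeeds — if `Populate the tempfile` or the `ikimuseradd.sh` command fails, the play stops before `Delete the temp file` runs and the file stays behind on the bastion. Wrap the template and command tasks in a `block:` and move the deletion into its `always:` section so cleanup runs on either outcome. The `when: usermgmt_tempfile['path'] is defined` guards on the three later tasks are then redundant: a failing `ansible.builtin.tempfile` already aborts the play before they run, so `path` is always set when they execute. Since the script is invoked through `sudo` and the playbook hands `item['value']['username']` to it and to the `creates:` path unchecked, an `ansible.builtin.assert` that the name matches a conservative pattern (letters, digits, `_`, `-`, `.`) before the template task would keep malformed names from reaching the root-run script.
```yaml
# … unchanged: "Create a temp file to hold the user data" task, registers usermgmt_tempfile …

- name: Create the user on the bastion host from the temp data file
  block:
    - name: Populate the tempfile
      # … unchanged: vars and ansible.builtin.template body …

    - name: Create the user on the bastion host
      # … unchanged: ansible.builtin.command body with argv and creates …
  always:
    - name: Delete the temp file
      ansible.builtin.file:
        path: "{{ usermgmt_tempfile['path'] }}"
        state: absent
```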