diff --git a/manifests/roles/admin.pp b/manifests/roles/admin.pp
index 7e80ca238..2405a8266 100644
--- a/manifests/roles/admin.pp
+++ b/manifests/roles/admin.pp
@@ -17,6 +17,8 @@
 # [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false.
 # [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant'
 # [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services'
+# [configure_user] Optional. Should the admin user be created? Defaults to 'true'.
+# [configure_user_role] Optional. Should the admin role be configured for the admin user? Defaulst to 'true'.
 #
 # == Dependencies
 # == Examples
@@ -37,6 +39,8 @@
   $ignore_default_tenant  = false,
   $admin_tenant_desc      = 'admin tenant',
   $service_tenant_desc    = 'Tenant for the openstack services',
+  $configure_user         = true,
+  $configure_user_role    = true,
 ) {
 
   keystone_tenant { $service_tenant:
@@ -49,20 +53,26 @@
     enabled     => true,
     description => $admin_tenant_desc,
   }
-  keystone_user { $admin:
-    ensure                => present,
-    enabled               => true,
-    tenant                => $admin_tenant,
-    email                 => $email,
-    password              => $password,
-    ignore_default_tenant => $ignore_default_tenant,
-  }
   keystone_role { 'admin':
     ensure => present,
   }
-  keystone_user_role { "${admin}@${admin_tenant}":
-    ensure => present,
-    roles  => 'admin',
+
+  if $configure_user {
+    keystone_user { $admin:
+      ensure                => present,
+      enabled               => true,
+      tenant                => $admin_tenant,
+      email                 => $email,
+      password              => $password,
+      ignore_default_tenant => $ignore_default_tenant,
+    }
+  }
+
+  if $configure_user_role {
+    keystone_user_role { "${admin}@${admin_tenant}":
+      ensure => present,
+      roles  => 'admin',
+    }
   }
 
 }
diff --git a/spec/classes/keystone_roles_admin_spec.rb b/spec/classes/keystone_roles_admin_spec.rb
index 798dafe2b..c1c81e7d2 100644
--- a/spec/classes/keystone_roles_admin_spec.rb
+++ b/spec/classes/keystone_roles_admin_spec.rb
@@ -77,4 +77,31 @@
 
   end
 
+  describe 'when disabling user configuration' do
+    before do
+      let :params do
+        {
+          :configure_user => false
+        }
+      end
+
+      it { should_not contain_keystone_user('keystone') }
+      it { should contain_keystone_user_role('keystone@openstack') }
+    end
+  end
+
+  describe 'when disabling user and role configuration' do
+    before do
+      let :params do
+        {
+          :configure_user       => false,
+          :configure_user_role  => false
+        }
+      end
+
+      it { should_not contain_keystone_user('keystone') }
+      it { should_not contain_keystone_user_role('keystone@openstack') }
+    end
+  end
+
 end