diff --git a/deployment/puppet/glance/manifests/api.pp b/deployment/puppet/glance/manifests/api.pp
index 94919d736e..c565567f74 100644
--- a/deployment/puppet/glance/manifests/api.pp
+++ b/deployment/puppet/glance/manifests/api.pp
@@ -61,6 +61,10 @@
 #   (optional) Authentication URL.
 #   Defaults to 'http://localhost:5000/v2.0'.
 #
+#  [*identity_uri*]
+#    (optional) Complete admin Identity API endpoint.
+#    Defaults to "${auth_protocol}://${auth_host}:${auth_port}/"
+#
 # [* auth_port*]
 #   (optional) Port to use for auth service on auth_host.
 #   Defaults to '35357'.
@@ -162,6 +166,7 @@ class glance::api(
   $auth_url              = 'http://localhost:5000/v2.0',
   $auth_port             = '35357',
   $auth_uri              = false,
+  $identity_uri          = false,
   $auth_admin_prefix     = false,
   $auth_protocol         = 'http',
   $pipeline              = 'keystone+cachemanagement',
@@ -280,6 +285,16 @@ class glance::api(
   }
 
   # auth config
+  if $identity_uri {
+    glance_api_config { 'keystone_authtoken/identity_uri':  value => $identity_uri; }
+  } else {
+    if $auth_admin_prefix {
+      glance_api_config { 'keystone_authtoken/identity_uri':  value => "${auth_protocol}://${auth_host}:${auth_port}/${auth_admin_prefix}"; }
+    } else {
+      glance_api_config { 'keystone_authtoken/identity_uri':  value => "${auth_protocol}://${auth_host}:${auth_port}/"; }
+    }
+  }
+
   glance_api_config {
     'keystone_authtoken/auth_host':     value => $auth_host;
     'keystone_authtoken/auth_port':     value => $auth_port;
diff --git a/deployment/puppet/glance/manifests/registry.pp b/deployment/puppet/glance/manifests/registry.pp
index d1781a3812..4b06f8a656 100644
--- a/deployment/puppet/glance/manifests/registry.pp
+++ b/deployment/puppet/glance/manifests/registry.pp
@@ -59,6 +59,9 @@
 #  [*auth_uri*]
 #    (optional) Complete public Identity API endpoint.
 #
+#  [*identity_uri*]
+#    (optional) Complete admin Identity API endpoint.
+#
 #  [*keystone_tenant*]
 #    (optional) administrative tenant name to connect to keystone.
 #    Defaults to 'services'.
@@ -115,6 +118,7 @@ class glance::registry(
   $auth_port         = '35357',
   $auth_admin_prefix = false,
   $auth_uri          = false,
+  $identity_uri      = false,
   $auth_protocol     = 'http',
   $keystone_tenant   = 'services',
   $keystone_user     = 'glance',
@@ -186,6 +190,16 @@ class glance::registry(
   }
 
   # auth config
+  if $identity_uri {
+    glance_registry_config { 'keystone_authtoken/identity_uri':  value => $identity_uri; }
+  } else {
+    if $auth_admin_prefix {
+      glance_registry_config { 'keystone_authtoken/identity_uri':  value => "${auth_protocol}://${auth_host}:${auth_port}/${auth_admin_prefix}"; }
+    } else {
+      glance_registry_config { 'keystone_authtoken/identity_uri':  value => "${auth_protocol}://${auth_host}:${auth_port}/"; }
+    }
+  }
+
   glance_registry_config {
     'keystone_authtoken/auth_host':     value => $auth_host;
     'keystone_authtoken/auth_port':     value => $auth_port;
diff --git a/deployment/puppet/glance/spec/classes/glance_api_spec.rb b/deployment/puppet/glance/spec/classes/glance_api_spec.rb
index 9deedd4d52..da4876752c 100644
--- a/deployment/puppet/glance/spec/classes/glance_api_spec.rb
+++ b/deployment/puppet/glance/spec/classes/glance_api_spec.rb
@@ -27,6 +27,7 @@ describe 'glance::api' do
       :auth_port             => '35357',
       :auth_protocol         => 'http',
       :auth_uri              => 'http://127.0.0.1:5000/',
+      :identity_uri          => 'http://127.0.0.1:35357/',
       :keystone_tenant       => 'services',
       :keystone_user         => 'glance',
       :keystone_password     => 'ChangeMe',
@@ -55,6 +56,7 @@ describe 'glance::api' do
       :auth_port             => '35358',
       :auth_protocol         => 'https',
       :auth_uri              => 'https://127.0.0.2:5000/v2.0/',
+      :identity_uri          => 'https://127.0.0.2:35358/',
       :keystone_tenant       => 'admin2',
       :keystone_user         => 'admin2',
       :keystone_password     => 'ChangeMe2',
diff --git a/deployment/puppet/glance/spec/classes/glance_registry_spec.rb b/deployment/puppet/glance/spec/classes/glance_registry_spec.rb
index ec0efec27b..61e79916ec 100644
--- a/deployment/puppet/glance/spec/classes/glance_registry_spec.rb
+++ b/deployment/puppet/glance/spec/classes/glance_registry_spec.rb
@@ -23,6 +23,7 @@ describe 'glance::registry' do
       :auth_port         => '35357',
       :auth_protocol     => 'http',
       :auth_uri          => 'http://127.0.0.1:5000/',
+      :identity_uri      => 'http://127.0.0.1:35357/',
       :keystone_tenant   => 'services',
       :keystone_user     => 'glance',
       :keystone_password => 'ChangeMe',
@@ -46,6 +47,7 @@ describe 'glance::registry' do
       :auth_port         => '35357',
       :auth_protocol     => 'http',
       :auth_uri          => 'http://127.0.0.1:5000/',
+      :identity_uri      => 'http://127.0.0.1:35357/',
       :keystone_tenant   => 'admin',
       :keystone_user     => 'admin',
       :keystone_password => 'ChangeMe',