diff --git a/manifests/init.pp b/manifests/init.pp
index aaaffc7b..351ed034 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -289,6 +289,10 @@
 #    (optional) Disables the use of reveal button for passwords in the UI.
 #    Defaults to false
 #
+#  [*enforce_password_check*]
+#    (optional) Disables Admin password prompt on Change Password form.
+#    Defaults to false
+#
 # === DEPRECATED group/name
 #
 #  [*fqdn*]
@@ -386,6 +390,7 @@ class horizon(
   $images_panel                        = 'legacy',
   $password_retrieve                   = false,
   $disable_password_reveal             = false,
+  $enforce_password_check              = false,
   # DEPRECATED PARAMETERS
   $custom_theme_path                   = undef,
   $fqdn                                = undef,
diff --git a/releasenotes/notes/enforce_password_check-7e29e1e968874e04.yaml b/releasenotes/notes/enforce_password_check-7e29e1e968874e04.yaml
new file mode 100644
index 00000000..2a3cdd9f
--- /dev/null
+++ b/releasenotes/notes/enforce_password_check-7e29e1e968874e04.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - Added ability to configure enforce_password_check
diff --git a/spec/classes/horizon_init_spec.rb b/spec/classes/horizon_init_spec.rb
index 227fc209..ac9a2502 100644
--- a/spec/classes/horizon_init_spec.rb
+++ b/spec/classes/horizon_init_spec.rb
@@ -427,6 +427,20 @@ describe 'horizon' do
         ])
       end
     end
+
+    context 'with enforce password check enabled' do
+      before do
+        params.merge!({
+          :enforce_password_check => true
+        })
+      end
+
+      it 'enforce_password_check is configured' do
+        verify_concat_fragment_contents(catalogue, 'local_settings.py', [
+          'HORIZON_CONFIG["enforce_password_check"] = True',
+        ])
+      end
+    end
   end
 
   shared_examples_for 'horizon on RedHat' do
diff --git a/templates/local_settings.py.erb b/templates/local_settings.py.erb
index fb64fca4..826d16e0 100644
--- a/templates/local_settings.py.erb
+++ b/templates/local_settings.py.erb
@@ -140,6 +140,14 @@ HORIZON_CONFIG["password_autocomplete"] = "<%= @password_autocomplete %>"
 HORIZON_CONFIG["disable_password_reveal"] = True
 <% end %>
 
+# Set this to True to display an 'Admin Password' field on the Change Password
+# form to verify that it is indeed the admin logged-in who wants to change the
+# password
+#HORIZON_CONFIG["enforce_password_check"] = False
+<% if @enforce_password_check == true %>
+HORIZON_CONFIG["enforce_password_check"] = True
+<% end %>
+
 # Configure enabled image panel. It can be legacy or angular.
 #HORIZON_CONFIG["images_panel"] = "legacy"
 HORIZON_CONFIG["images_panel"] = "<%= @images_panel %>"