diff --git a/deployment/ipa/ipaservices-baremetal-ansible.yaml b/deployment/ipa/ipaservices-baremetal-ansible.yaml
index 0c6b00146f..30eb17f778 100644
--- a/deployment/ipa/ipaservices-baremetal-ansible.yaml
+++ b/deployment/ipa/ipaservices-baremetal-ansible.yaml
@@ -43,7 +43,8 @@ parameters:
     type: string
   IdMServer:
     default: ''
-    description: FQDN for the FreeIPA server.  Typically, this is discovered
+    description: FQDN for the FreeIPA server.  If you set this value, IdMDomain
+                 also has to be provided.  Typically, this is discovered
                  through DNS and does not have to set explicitly.
     type: string
   IdMNovaKeytab:
@@ -72,6 +73,11 @@ parameters:
     description:  The level by which the PTR DNS record is split when creating zones.
     type: string
 
+conditions:
+  idm_server_provided:
+    not:
+      equals: [{get_param: IdMServer}, ""]
+
 outputs:
   role_data:
     description: Role data for the ipaservice service
@@ -97,9 +103,13 @@ outputs:
                 tripleo_ipa_ptr_zone_split_ipv4: {get_param: IdMZoneSplitIPv4}
                 tripleo_ipa_ptr_zone_split_ipv6: {get_param: IdMZoneSplitIPv6}
           environment:
-            IPA_HOST: {get_param: IdMServer}
-            IPA_USER: "nova/{{ ansible_fqdn }}"
-            KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
+            if:
+              - idm_server_provided
+              - IPA_HOST: {get_param: IdMServer}
+                IPA_USER: "nova/{{ ansible_fqdn }}"
+                KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
+              - IPA_USER: "nova/{{ ansible_fqdn }}"
+                KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
       deploy_steps_tasks:
         - name: enroll the node as an ipa client
           when: step|int == 1