diff --git a/defaults/main.yml b/defaults/main.yml
index 56cd86d5..9b3390a4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -60,6 +60,7 @@ horizon_enable_password_retrieve: False
 # If nova_libvirt_inject_password is set to True, then this can also be enabled:
 horizon_can_set_password: False
 
+
 ## Horizon SSL
 horizon_ssl_cert: /etc/ssl/certs/horizon.pem
 horizon_ssl_key: /etc/ssl/private/horizon.key
@@ -85,6 +86,11 @@ horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizo
 horizon_keystone_host: "{{ internal_lb_vip_address }}"
 horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"
 
+## Horizon Multi-Domain Support
+# these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint
+horizon_keystone_multidomain_support: False
+horizon_keystone_default_domain: Default
+
 ### Set the cacert pem for Keystone if you'd like Horizon to verify it.
 # horizon_cacert_pem: /path/to/cacert.pem
 
diff --git a/templates/horizon_local_settings.py.j2 b/templates/horizon_local_settings.py.j2
index df6be925..046f954f 100644
--- a/templates/horizon_local_settings.py.j2
+++ b/templates/horizon_local_settings.py.j2
@@ -51,15 +51,15 @@ SESSION_TIMEOUT = {{ horizon_session_timeout }}
 OPENSTACK_API_VERSIONS = {
     "identity": 3,
 }
-{% endif %}
 
 # Set this to True if running on multi-domain model. When this is enabled, it
 # will require user to enter the Domain name in addition to username for login.
-# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
+OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = {{ horizon_keystone_multidomain_support }}
 
 # Overrides the default domain used when running on single-domain model
 # with Keystone V3. All entities will be created in the default domain.
-# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
+OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ horizon_keystone_default_domain }}"
+{% endif %}
 
 # Set Console type:
 # valid options would be "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None