diff --git a/keystonemiddleware/auth_token/_opts.py b/keystonemiddleware/auth_token/_opts.py
index 6231b6db..73debbb9 100644
--- a/keystonemiddleware/auth_token/_opts.py
+++ b/keystonemiddleware/auth_token/_opts.py
@@ -68,9 +68,9 @@ _OPTS = [
     cfg.StrOpt('auth_version',
                help='API version of the Identity API endpoint.'),
     cfg.StrOpt('interface',
-               default='admin',
+               default='internal',
                help='Interface to use for the Identity API endpoint. Valid'
-               ' values are "public", "internal" or "admin"(default).'),
+               ' values are "public", "internal" (default) or "admin".'),
     cfg.BoolOpt('delay_auth_decision',
                 default=False,
                 help='Do not handle authorization requests within the'
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 9ea80770..25fbf73d 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -513,8 +513,8 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         west_versions = fixture.DiscoveryList(href=west_url)
 
         s = token.add_service('identity')
-        s.add_endpoint(interface='admin', url=east_url, region='east')
-        s.add_endpoint(interface='admin', url=west_url, region='west')
+        s.add_endpoint(interface='internal', url=east_url, region='east')
+        s.add_endpoint(interface='internal', url=west_url, region='west')
 
         self.requests_mock.get(auth_url, json=auth_versions)
         self.requests_mock.get(east_url, json=east_versions)
@@ -2261,7 +2261,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
         admin_token_id = uuid.uuid4().hex
         admin_token = fixture.V3Token(project_id=self.project_id)
         s = admin_token.add_service('identity', name='keystone')
-        s.add_standard_endpoints(admin=self.KEYSTONE_URL)
+        s.add_standard_endpoints(internal=self.KEYSTONE_URL)
 
         self.requests_mock.post('%s/v3/auth/tokens' % self.AUTH_URL,
                                 json=admin_token,
diff --git a/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml b/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml
new file mode 100644
index 00000000..48e9506d
--- /dev/null
+++ b/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml
@@ -0,0 +1,11 @@
+---
+prelude: >
+    Since the removal of the Identity API v2 Keystone no longer has any
+    special functionality that requires using the admin endpoint for it. So
+    this release changes the default endpoint being used from ``admin`` to
+    ``internal``, allowing deployments to work without an admin endpoint.
+upgrade:
+  - |
+    [`bug 1830002 <https://bugs.launchpad.net/keystonemiddleware/+bug/1830002>`_]
+    The default Identity endpoint has been changed from ``admin`` to
+    ``internal``.