diff --git a/requirements.txt b/requirements.txt
index f8dd9aae..f50c0a78 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,6 +7,7 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0
 Django<2,>=1.11;python_version<'3.0'  # BSD
 Django<2.1,>=1.11;python_version>='3.0'  # BSD
 django-compressor>=2.0 # MIT
+keystoneauth1>=3.4.0 # Apache-2.0
 oslo.log>=3.36.0 # Apache-2.0
 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
 python-designateclient>=2.7.0 # Apache-2.0
diff --git a/sahara_dashboard/api/sahara.py b/sahara_dashboard/api/sahara.py
index 4fe2aac2..0bd053d1 100644
--- a/sahara_dashboard/api/sahara.py
+++ b/sahara_dashboard/api/sahara.py
@@ -93,16 +93,18 @@ def safe_call(func, *args, **kwargs):
 def client(request):
     insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
     cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
-    # TODO(jfreud): pass token directly to client after bug 1747838 resolved
     auth = identity.Token(auth_url=request.user.endpoint,
                           token=request.user.token.id,
                           project_id=request.user.project_id)
-    sess = session.Session(auth=auth)
+    verify = False
+    if cacert:
+        verify = cacert
+    elif not insecure:
+        verify = True
+    sess = session.Session(auth=auth, verify=verify)
     return api_client.Client(VERSIONS.get_active_version()["version"],
                              service_type=SAHARA_SERVICE,
-                             session=sess,
-                             insecure=insecure,
-                             cacert=cacert)
+                             session=sess)
 
 
 def prepare_acl_update_dict(is_public=None, is_protected=None):