diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 4989eb0c9d..585bd943e4 100755 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -98,10 +98,10 @@ function configure_sahara { # Set admin user parameters needed for trusts creation iniset $SAHARA_CONF_FILE \ - keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME - iniset $SAHARA_CONF_FILE keystone_authtoken admin_user sahara + keystone_authtoken project_name $SERVICE_TENANT_NAME + iniset $SAHARA_CONF_FILE keystone_authtoken username sahara iniset $SAHARA_CONF_FILE \ - keystone_authtoken admin_password $SERVICE_PASSWORD + keystone_authtoken password $SERVICE_PASSWORD iniset_rpc_backend sahara $SAHARA_CONF_FILE DEFAULT diff --git a/doc/source/admin/configuration-guide.rst b/doc/source/admin/configuration-guide.rst index ef8a982989..920dd8b2d0 100644 --- a/doc/source/admin/configuration-guide.rst +++ b/doc/source/admin/configuration-guide.rst @@ -43,7 +43,7 @@ should point to the admin Identity API endpoint. For example: auth_uri=http://127.0.0.1:5000/v2.0/ identity_uri=http://127.0.0.1:35357/ -Specify the ``admin_user``, ``admin_password`` and ``admin_tenant_name``. +Specify the ``username``, ``password`` and ``project_name``. These parameters must specify an Identity user who has the ``admin`` role in the given project. These credentials allow sahara to authenticate and authorize its users. diff --git a/releasenotes/notes/remove_custom_auth_domainname-984fd2d931e306cc.yaml b/releasenotes/notes/remove_custom_auth_domainname-984fd2d931e306cc.yaml new file mode 100644 index 0000000000..fa13630dad --- /dev/null +++ b/releasenotes/notes/remove_custom_auth_domainname-984fd2d931e306cc.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - The custom admin_user_domain_name and admin_project_domain_name + configuration options have been removed; they are provided + by keystone_authtoken as user_domain_name and + project_domain_name respectively. 
diff --git a/sahara/service/trusts.py b/sahara/service/trusts.py index 68791746be..72dd77431b 100644 --- a/sahara/service/trusts.py +++ b/sahara/service/trusts.py @@ -87,7 +87,7 @@ def create_trust_for_cluster(cluster, expires=True): if CONF.use_identity_api_v3 and not cluster.trust_id: trustor = keystone.auth() trustee = keystone.auth_for_admin( - project_name=CONF.keystone_authtoken.admin_tenant_name) + project_name=keystone.get_keystoneauth_cfg(CONF, 'project_name')) trust_id = create_trust(trustor=trustor, trustee=trustee, @@ -153,7 +153,7 @@ def use_os_admin_auth_token(cluster): ctx = context.current() cluster = conductor.cluster_get(ctx, cluster) if CONF.use_identity_api_v3 and cluster.trust_id: - ctx.username = CONF.keystone_authtoken.admin_user + ctx.username = keystone.get_keystoneauth_cfg(CONF, 'username') ctx.tenant_id = cluster.tenant_id ctx.auth_plugin = keystone.auth_for_admin( trust_id=cluster.trust_id) diff --git a/sahara/tests/unit/service/test_trusts.py b/sahara/tests/unit/service/test_trusts.py index 2279fd4053..cb46ceeb46 100644 --- a/sahara/tests/unit/service/test_trusts.py +++ b/sahara/tests/unit/service/test_trusts.py 
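Review bot: Both new lookups in this file, `keystone.get_keystoneauth_cfg(CONF, 'project_name')` in create_trust_for_cluster and `keystone.get_keystoneauth_cfg(CONF, 'username')` in use_os_admin_auth_token, read one literal key from the [keystone_authtoken] file section, so a sahara.conf that still carries only `admin_tenant_name` / `admin_user` no longer supplies the trustee project or the context username. The helper passes a single `('keystone_authtoken', name)` pair, so no older spelling is consulted; the same holds for the `password` lookup in auth_for_admin and the `project_name` lookup in client_for_admin in sahara/utils/openstack/keystone.py. The release note added by this commit mentions only the two domain options, so I would either add the old names as fallbacks in the lookup or extend the note to say that `admin_user`, `admin_password` and `admin_tenant_name` are no longer read. Both functions continue outside their hunks.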
@@ -70,15 +70,16 @@ class TestTrusts(base.SaharaTestCase): allow_redelegation=False) self.assertEqual("trust_id", trust_id) + @mock.patch('sahara.utils.openstack.keystone.get_keystoneauth_cfg') @mock.patch('sahara.conductor.API.cluster_get') @mock.patch('sahara.conductor.API.cluster_update') @mock.patch('sahara.service.trusts.create_trust') @mock.patch('sahara.utils.openstack.keystone.auth_for_admin') @mock.patch('sahara.context.current') def test_create_trust_for_cluster(self, context_current, auth_for_admin, - create_trust, cluster_update, cl_get): - self.override_config('admin_tenant_name', 'admin_project', - group='keystone_authtoken') + create_trust, cluster_update, cl_get, + config_get): + config_get.return_value = "admin_project" trustor_auth = mock.Mock() fake_cluster = mock.Mock(trust_id=None) cl_get.return_value = fake_cluster diff --git a/sahara/utils/openstack/keystone.py b/sahara/utils/openstack/keystone.py index 6c34a5b55c..47bd6e992f 100644 --- a/sahara/utils/openstack/keystone.py +++ b/sahara/utils/openstack/keystone.py @@ -23,6 +23,19 @@ from sahara.service import sessions from sahara.utils.openstack import base +def get_keystoneauth_cfg(conf, name): + """get the keystone auth cfg + + Fetch value of keystone_authtoken group from config file when not + available as part of GroupAttr. + :rtype: String + :param conf: oslo config cfg.CONF + :param name: property name to be retrieved + """ + value_list = conf._namespace._get_file_value([('keystone_authtoken', + name)]) + return value_list[0] + opts = [ # TODO(alazarev) Move to [keystone] section cfg.BoolOpt('use_identity_api_v3', 
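Review bot: Patching `get_keystoneauth_cfg` wholesale in test_create_trust_for_cluster means the test passes whichever key the production code asks for, because `config_get.return_value = "admin_project"` answers every lookup. I would pin the key after the call under test with `config_get.assert_called_with(mock.ANY, 'project_name')`. The helper itself is left without coverage here, so a separate test that exercises it against a config with and without the [keystone_authtoken] key would be worth adding. The test body continues outside the hunk.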
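Review bot: `get_keystoneauth_cfg` reaches into oslo.config through the private `conf._namespace._get_file_value`, which ties the admin credential lookup to an internal interface and, judging by its name, sees only values written in a config file rather than option defaults or other sources. As far as I can tell that method raises a bare KeyError when the key is absent, which would surface from auth_for_admin without naming the missing option, and `value_list[0]` assumes the return value is a list. The docstring says the file is consulted "when not available as part of GroupAttr", but the body never tries the GroupAttr path. I would catch the lookup failure, raise a configuration error that names the option and never its value (the `password` lookup goes through here), accept an optional default, and reword the docstring to match the body.

```python
def get_keystoneauth_cfg(conf, name, default=None):
    """Return ``name`` as written in the [keystone_authtoken] file section."""
    try:
        value_list = conf._namespace._get_file_value(
            [('keystone_authtoken', name)])
    except KeyError:
        if default is not None:
            return default
        # Name the option only; the value may be a credential.
        raise cfg.ConfigFileValueError(
            "[keystone_authtoken] %s is not set in any config file" % name)
    return value_list[0]
```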
@@ -30,17 +43,7 @@ opts = [ help='Enables Sahara to use Keystone API v3. ' 'If that flag is disabled, ' 'per-job clusters will not be terminated ' - 'automatically.'), - # TODO(mimccune) The following should be integrated into a custom - # auth section - cfg.StrOpt('admin_user_domain_name', - default='default', - help='The name of the domain to which the admin user ' - 'belongs.'), - cfg.StrOpt('admin_project_domain_name', - default='default', - help='The name of the domain for the service ' - 'project(ex. tenant).') + 'automatically.') ] ssl_opts = [ @@ -84,11 +87,11 @@ def auth_for_admin(project_name=None, trust_id=None): # into federated authentication. it will need to match the domain that # the project_name exists in. auth = _password_auth( - username=CONF.keystone_authtoken.admin_user, - password=CONF.keystone_authtoken.admin_password, + username=get_keystoneauth_cfg(CONF, 'username'), + password=get_keystoneauth_cfg(CONF, 'password'), project_name=project_name, - user_domain_name=CONF.admin_user_domain_name, - project_domain_name=CONF.admin_project_domain_name, + user_domain_name=get_keystoneauth_cfg(CONF, 'user_domain_name'), + project_domain_name=get_keystoneauth_cfg(CONF, 'project_domain_name'), trust_id=trust_id) return auth @@ -120,7 +123,7 @@ def client(): def client_for_admin(): '''Return the Sahara admin user client.''' auth = auth_for_admin( - project_name=CONF.keystone_authtoken.admin_tenant_name) + project_name=get_keystoneauth_cfg(CONF, 'project_name')) return client_from_auth(auth)
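Review bot: The removed `admin_user_domain_name` and `admin_project_domain_name` options both had `default='default'`, while their replacements in auth_for_admin, `get_keystoneauth_cfg(CONF, 'user_domain_name')` and `get_keystoneauth_cfg(CONF, 'project_domain_name')`, have no default at all. A deployment whose [keystone_authtoken] section does not set those two keys would therefore lose admin authentication and trust creation after upgrade, presumably with a lookup error rather than a clear message. I would keep the old behaviour for a missing key, for example by catching the lookup failure around these two calls and passing `'default'`, and say in the release note that values previously set through the removed options must be moved. auth_for_admin starts outside its hunk, and the `project_name` lookup in client_for_admin in the last hunk has the same no-fallback property.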