diff --git a/defaults/main.yml b/defaults/main.yml
index df13f5c4..b871125f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -245,6 +245,10 @@ horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"
 ## Horizon Multi-Domain Support
 # these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint
 horizon_keystone_multidomain_support: False
+# It is strongly advised NOT to enable dropdown for public clouds, as advertising enabled domains
+# to unauthenticated customers irresponsibly exposes private information.
+horizon_keystone_multidomain_dropdown: False
+
 horizon_keystone_default_domain: Default
 
 ### Set the cacert pem for Keystone if you'd like Horizon to verify it.
diff --git a/templates/horizon_local_settings.py.j2 b/templates/horizon_local_settings.py.j2
index 56523d54..3c3360bf 100644
--- a/templates/horizon_local_settings.py.j2
+++ b/templates/horizon_local_settings.py.j2
@@ -76,7 +76,11 @@ OPENSTACK_API_VERSIONS = {
 
 # Set this to True if running on multi-domain model. When this is enabled, it
 # will require user to enter the Domain name in addition to username for login.
-OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = {{ horizon_keystone_multidomain_support }}
+OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = {{ horizon_keystone_multidomain_support | bool }}
+
+{%   if horizon_keystone_multidomain_support | bool %}
+OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = {{ horizon_keystone_multidomain_dropdown | bool }}
+{%   endif %}
 
 {%   if not horizon_keystone_multidomain_support | bool %}
 # Overrides the default domain used when running on single-domain model