diff --git a/inventory/group_vars/mbs b/inventory/group_vars/mbs
index 18a86a31b5..5385bc6cf3 100644
--- a/inventory/group_vars/mbs
+++ b/inventory/group_vars/mbs
@@ -1,4 +1,5 @@
 ---
+primary_auth_source: ipa
 ipa_host_group: mbs
 ipa_host_group_desc: Modular Build Service hosts
 ipa_client_shell_groups:
diff --git a/inventory/group_vars/mbs_backend b/inventory/group_vars/mbs_backend
index 5b23edb8f5..b69bc74bfe 100644
--- a/inventory/group_vars/mbs_backend
+++ b/inventory/group_vars/mbs_backend
@@ -9,9 +9,6 @@ num_cpus: 2
 tcp_ports: [ 3000, 3001, 3002, 3003,
              3004, 3005, 3006, 3007 ]
 
-fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
-sudoers: "{{ private }}/files/sudo/mbs-sudoers"
-
 # These people get told when something goes wrong.
 fedmsg_error_recipients:
 - ralph@fedoraproject.org
diff --git a/inventory/group_vars/mbs_frontend b/inventory/group_vars/mbs_frontend
index d3d35ebf48..522a003644 100644
--- a/inventory/group_vars/mbs_frontend
+++ b/inventory/group_vars/mbs_frontend
@@ -16,9 +16,6 @@ tcp_ports: [ 80 ]
 # Neeed for rsync from log01 for logs.
 custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
 
-fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
-sudoers: "{{ private }}/files/sudo/mbs-sudoers"
-
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: mbs
diff --git a/playbooks/groups/mbs.yml b/playbooks/groups/mbs.yml
index fc8b448bdd..3bae01922e 100644
--- a/playbooks/groups/mbs.yml
+++ b/playbooks/groups/mbs.yml
@@ -18,15 +18,12 @@
   - rkhunter
   - nagios_client
   - hosts
-  - { role: ipa/client, when: env == "staging" }
-  - { role: fas_client, when: env != "staging" }
+  - ipa/client
   - rsyncd
   - sudo
   - collectd/base
 
   tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-    when: env != "staging"
   - import_tasks: "{{ tasks_path }}/motd.yml"
 
   handlers: