diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace
index 785f390cbb..bdb1ad1b3e 100644
--- a/inventory/group_vars/retrace
+++ b/inventory/group_vars/retrace
@@ -1,7 +1,13 @@
 ---
-fas_client_groups: retrace
+primary_auth_source: ipa
+ipa_host_group: retrace
+ipa_host_group_desc: Retrace servers
+ipa_client_shell_groups:
+- retrace
+ipa_client_sudo_groups:
+- retrace
+
 freezes: false
-sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers"
 ansible_ifcfg_blocklist: true
 
 tcp_ports: [ 80, 443 ]
diff --git a/inventory/group_vars/retrace_stg_aws b/inventory/group_vars/retrace_stg_aws
index f6b674415e..ae0aba7f42 100644
--- a/inventory/group_vars/retrace_stg_aws
+++ b/inventory/group_vars/retrace_stg_aws
@@ -1,5 +1,10 @@
 ---
-fas_client_groups: retrace
+ipa_host_group: retrace
+ipa_host_group_desc: Retrace servers
+ipa_client_shell_groups:
+- retrace
+ipa_client_sudo_groups:
+- retrace
 devel: true
 
 tcp_ports: [22, 80, 443 ]
diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml
index 8eb1d876b6..146470d16e 100644
--- a/playbooks/groups/retrace.yml
+++ b/playbooks/groups/retrace.yml
@@ -64,14 +64,12 @@
   tasks:
     - import_role: name=base
     - import_role: name=hosts
-    - { import_role: name=ipa/client, when: env == "staging" }
-    - { import_role: name=fas_client, when: env != "staging" }
+    - import_role: name=ipa/client
     - import_role: name=rkhunter
     - import_role: name=nagios_client
     - import_role: name=openvpn/client
     - import_role: name=sudo
 
-    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
     - import_tasks: "{{ tasks_path }}/motd.yml"
 
   handlers: