diff --git a/modules/puppet-dcagent/src/dcagent/manifests/keystone/auth.pp b/modules/puppet-dcagent/src/dcagent/manifests/keystone/auth.pp
index a84a9aec3..c34b773b6 100644
--- a/modules/puppet-dcagent/src/dcagent/manifests/keystone/auth.pp
+++ b/modules/puppet-dcagent/src/dcagent/manifests/keystone/auth.pp
@@ -22,7 +22,7 @@ class dcagent::keystone::auth (
   $service_description    = 'DCAgent service',
   $service_name           = 'dcagent',
   $service_type           = 'dcagent',
-  $configure_endpoint     = false,
+  $configure_endpoint     = true,
   $configure_user         = true,
   $configure_user_role    = true,
   $public_url             = 'http://127.0.0.1:8325/v1',
@@ -33,37 +33,34 @@ class dcagent::keystone::auth (
 
   $real_service_name = pick($service_name, $auth_name)
 
-  $should_configure_endpoint = $distributed_cloud_role ? {
-    'subcloud' => true,
-    default    => $configure_endpoint,
-  }
+  if $distributed_cloud_role == 'subcloud' {
+    keystone::resource::service_identity { 'dcagent':
+      configure_user      => $configure_user,
+      configure_user_role => $configure_user_role,
+      configure_endpoint  => $configure_endpoint,
+      service_type        => $service_type,
+      service_description => $service_description,
+      service_name        => $real_service_name,
+      region              => $region,
+      auth_name           => $auth_name,
+      password            => $password,
+      email               => $email,
+      tenant              => $tenant,
+      public_url          => $public_url,
+      admin_url           => $admin_url,
+      internal_url        => $internal_url,
+    }
 
-  keystone::resource::service_identity { 'dcagent':
-    configure_user      => $configure_user,
-    configure_user_role => $configure_user_role,
-    configure_endpoint  => $should_configure_endpoint,
-    service_type        => $service_type,
-    service_description => $service_description,
-    service_name        => $real_service_name,
-    region              => $region,
-    auth_name           => $auth_name,
-    password            => $password,
-    email               => $email,
-    tenant              => $tenant,
-    public_url          => $public_url,
-    admin_url           => $admin_url,
-    internal_url        => $internal_url,
-  }
-
-  # dcagent is a private service only used by dcmanager-audit and dcorch,
-  # its API is not exposed for public access.
-  -> exec { 'Delete dcagent public endpoint':
-    path      => '/usr/bin',
-    command   => @("CMD"/L),
-      /bin/sh -c 'source /etc/platform/openrc && \
-      openstack endpoint list --service dcagent --interface public --format value -c ID | \
-      xargs --no-run-if-empty openstack endpoint delete'
-      | CMD
-    logoutput => true,
+    # dcagent is a private service only used by dcmanager-audit and dcorch,
+    # its API is not exposed for public access.
+    -> exec { 'Delete dcagent public endpoint':
+      path      => '/usr/bin',
+      command   => @("CMD"/L),
+        /bin/sh -c 'source /etc/platform/openrc && \
+        openstack endpoint list --service dcagent --interface public --format value -c ID | \
+        xargs --no-run-if-empty openstack endpoint delete'
+        | CMD
+      logoutput => true,
+    }
   }
 }
diff --git a/puppet-manifests/src/modules/openstack/manifests/keystone.pp b/puppet-manifests/src/modules/openstack/manifests/keystone.pp
index 48adbc5e2..86a50dfbe 100644
--- a/puppet-manifests/src/modules/openstack/manifests/keystone.pp
+++ b/puppet-manifests/src/modules/openstack/manifests/keystone.pp
@@ -315,7 +315,6 @@ class openstack::keystone::endpoint::runtime {
       include ::dcorch::keystone::auth
       include ::dcmanager::keystone::auth
       include ::dcdbsync::keystone::auth
-      include ::dcagent::keystone::auth
     }
 
     if $::platform::params::distributed_cloud_role == 'subcloud' {
@@ -403,16 +402,14 @@ class openstack::keystone::endpoint::reconfig
     if $::platform::params::distributed_cloud_role =='systemcontroller' {
       Keystone_endpoint["${region}/dcmanager::dcmanager"] -> Keystone_endpoint["${region}/sysinv::platform"]
       Keystone_endpoint["${region}/dcdbsync::dcorch-dbsync"] -> Keystone_endpoint["${region}/sysinv::platform"]
-      Keystone_endpoint["${region}/dcagent::dcagent"] -> Keystone_endpoint["${region}/sysinv::platform"]
       include ::dcorch::keystone::auth
       include ::dcmanager::keystone::auth
       include ::dcdbsync::keystone::auth
-      include ::dcagent::keystone::auth
     }
 
     if $::platform::params::distributed_cloud_role == 'subcloud' {
       Keystone_endpoint["${region}/dcdbsync::dcorch-dbsync"] -> Keystone_endpoint["${region}/sysinv::platform"]
-      Keystone_endpoint["${region}/dcagent"] -> Keystone_endpoint["${region}/sysinv::platform"]
+      Keystone_endpoint["${region}/dcagent::dcagent"] -> Keystone_endpoint["${region}/sysinv::platform"]
       include ::dcdbsync::keystone::auth
       include ::dcagent::keystone::auth
     }
diff --git a/puppet-manifests/src/modules/platform/manifests/dcagent.pp b/puppet-manifests/src/modules/platform/manifests/dcagent.pp
index b88b1a8d7..e877a8a13 100644
--- a/puppet-manifests/src/modules/platform/manifests/dcagent.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dcagent.pp
@@ -10,8 +10,7 @@ class platform::dcagent::params (
 
 class platform::dcagent
   inherits ::platform::dcagent::params {
-  if ($::platform::params::distributed_cloud_role == 'subcloud' or
-      $::platform::params::distributed_cloud_role == 'systemcontroller') {
+  if ($::platform::params::distributed_cloud_role == 'subcloud') {
     if $service_create {
       if $::platform::params::init_keystone {
         include ::dcagent::keystone::auth