diff --git a/roles/sssd_ldap_auth/tasks/install_Debian.yml b/roles/sssd_ldap_auth/tasks/install_Debian.yml
index c5ac89d..c9cef26 100644
--- a/roles/sssd_ldap_auth/tasks/install_Debian.yml
+++ b/roles/sssd_ldap_auth/tasks/install_Debian.yml
@@ -7,6 +7,7 @@
       - libnss-sss
       - libpam-sss
       - ca-certificates
+  tags: auth
 
 - name: Install oddjob-mkhomedir
   apt:
@@ -14,4 +15,5 @@
       - oddjob-mkhomedir
   when: ansible_distribution_major_version is version('9', '>=')
   notify: restart oddjobd
+  tags: auth
 
diff --git a/roles/sssd_ldap_auth/tasks/install_RedHat.yml b/roles/sssd_ldap_auth/tasks/install_RedHat.yml
index c1ae17b..882a7f9 100644
--- a/roles/sssd_ldap_auth/tasks/install_RedHat.yml
+++ b/roles/sssd_ldap_auth/tasks/install_RedHat.yml
@@ -6,3 +6,4 @@
       - sssd
       - oddjob-mkhomedir
       - authconfig
+  tags: auth
diff --git a/roles/sssd_ldap_auth/tasks/main.yml b/roles/sssd_ldap_auth/tasks/main.yml
index 30f7e65..55ab5df 100644
--- a/roles/sssd_ldap_auth/tasks/main.yml
+++ b/roles/sssd_ldap_auth/tasks/main.yml
@@ -1,11 +1,12 @@
 ---
 
-- include_tasks: install_{{ ansible_os_family }}.yml
+- include: install_{{ ansible_os_family }}.yml
 
 - name: Deploy sssd config
   template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600
   register: sssd_config
   notify: restart sssd
+  tags: auth
 
   # On el8 for example, sssd is already installed and running on a default setup
   # so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
@@ -13,6 +14,7 @@
 - name: Restart sssd if needed
   service: name=sssd state=restarted
   when: sssd_config.changed
+  tags: auth
 
 - name: Ensure nsswitch is using sssd
   lineinfile:
@@ -26,12 +28,15 @@
       line: 'shadow:     files sss'
     - regexp: '^group:.*'
       line: 'group:      files sss'
+  tags: auth
 
 - name: Start and enable sssd service
   service: name=sssd state=started enabled=True
+  tags: auth
 
 - name: Start oddjobd
   service: name=oddjobd state=started enabled=True
   when: ansible_distribution != 'Debian' or ansible_distribution_major_version is version('9', '>=')
+  tags: auth
 
-- include_tasks: pam_{{ ansible_os_family }}.yml
+- include: pam_{{ ansible_os_family }}.yml
diff --git a/roles/sssd_ldap_auth/tasks/pam_Debian.yml b/roles/sssd_ldap_auth/tasks/pam_Debian.yml
index c3ee2ba..d5b07a0 100644
--- a/roles/sssd_ldap_auth/tasks/pam_Debian.yml
+++ b/roles/sssd_ldap_auth/tasks/pam_Debian.yml
@@ -7,3 +7,4 @@
     - auth
     - password
     - session
+  tags: auth
diff --git a/roles/sssd_ldap_auth/tasks/pam_RedHat.yml b/roles/sssd_ldap_auth/tasks/pam_RedHat.yml
index e433bec..4c1bd2e 100644
--- a/roles/sssd_ldap_auth/tasks/pam_RedHat.yml
+++ b/roles/sssd_ldap_auth/tasks/pam_RedHat.yml
@@ -5,7 +5,9 @@
   register: auth_sss_done
   changed_when: False
   failed_when: False
+  tags: auth
 
 - name: Configure authentication with authconfig
   command: authconfig --enablemkhomedir --enablesssd --enablesssdauth --update
   when: auth_sss_done.rc != 0
+  tags: auth