diff --git a/heat/templates/bin/_trusts.sh.tpl b/heat/templates/bin/_trusts.sh.tpl
index 0e1e2e5ea1..bef874dcf2 100644
--- a/heat/templates/bin/_trusts.sh.tpl
+++ b/heat/templates/bin/_trusts.sh.tpl
@@ -19,7 +19,7 @@ set -ex
 # Get IDs for filtering
 OS_PROJECT_ID=$(openstack project show -f value -c id ${OS_PROJECT_NAME})
 OS_USER_ID=$(openstack user show -f value -c id ${OS_USERNAME})
-SERVICE_OS_TRUSTEE_ID=$(openstack user show -f value -c id ${SERVICE_OS_TRUSTEE})
+SERVICE_OS_TRUSTEE_ID=$(openstack user show -f value -c id --domain ${SERVICE_OS_TRUSTEE_DOMAIN} ${SERVICE_OS_TRUSTEE})
 
 # Check if trust doesn't already exist
 openstack trust list -f value -c "Project ID" \
@@ -42,6 +42,7 @@ fi
 SERVICE_OS_TRUST_ID=$(openstack trust create -f value -c id \
           --project="${OS_PROJECT_NAME}" \
           ${roles[@]/#/--role=} \
+          --trustee-domain="${SERVICE_OS_TRUSTEE_DOMAIN}" \
           "${OS_USERNAME}" \
           "${SERVICE_OS_TRUSTEE}")
 
diff --git a/heat/templates/job-trusts.yaml b/heat/templates/job-trusts.yaml
index 46b09f74b0..95b627670b 100644
--- a/heat/templates/job-trusts.yaml
+++ b/heat/templates/job-trusts.yaml
@@ -61,6 +61,8 @@ spec:
               value: {{ .Values.conf.heat.DEFAULT.trusts_delegated_roles }}
             - name: SERVICE_OS_TRUSTEE
               value: {{ .Values.endpoints.identity.auth.heat_trustee.username }}
+            - name: SERVICE_OS_TRUSTEE_DOMAIN
+              value: {{ .Values.endpoints.identity.auth.heat_trustee.user_domain_name }}
       volumes:
         - name: heat-bin
           configMap: