diff --git a/.github/workflows/community.yml b/.github/workflows/community.yml
index ffb70317b..fd5929bed 100644
--- a/.github/workflows/community.yml
+++ b/.github/workflows/community.yml
@@ -11,6 +11,7 @@ on:
       - "*.md"
 jobs:
   docker:
+    name: Test ${{ matrix.role.name }} role on ${{ matrix.molecule_distro.image }}
     # -A* and -M* are not available without nexus credentials
     if: |
       ! startsWith(github.head_ref, 'next/')
@@ -34,8 +35,10 @@ jobs:
           - name: transformers
         exclude:
           # Keycloak collection doesn't support ubuntu
-          - name: identity
-            image: ubuntu:20.04
+          - role:
+              name: identity
+            molecule_distro:
+              image: ubuntu:20.04
     env:
       PY_COLORS: 1
       PYTHONUNBUFFERED: 1
diff --git a/.secrets.baseline b/.secrets.baseline
index 155f50b53..8f6ef9509 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -158,13 +158,23 @@
         "is_secret": false
       }
     ],
+    "roles/identity/molecule/default/converge.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": "roles/identity/molecule/default/converge.yml",
+        "hashed_secret": "76b90e2bab0dda9507c2c61ac09281d6cf1ea41e",
+        "is_verified": false,
+        "line_number": 5,
+        "is_secret": false
+      }
+    ],
     "roles/identity/tasks/realm.yml": [
       {
         "type": "Secret Keyword",
         "filename": "roles/identity/tasks/realm.yml",
         "hashed_secret": "973503d55aba40e89d4ab4c16783bc9a159c512e",
         "is_verified": false,
-        "line_number": 14,
+        "line_number": 13,
         "is_secret": false
       }
     ],
@@ -249,5 +259,5 @@
       }
     ]
   },
-  "generated_at": "2023-09-20T08:47:39Z"
+  "generated_at": "2023-09-26T14:44:04Z"
 }
diff --git a/roles/identity/meta/argument_specs.yml b/roles/identity/meta/argument_specs.yml
index 332b11309..2596052d4 100644
--- a/roles/identity/meta/argument_specs.yml
+++ b/roles/identity/meta/argument_specs.yml
@@ -5,7 +5,6 @@ argument_specs:
     options:
       identity_admin_username:
         type: str
-        required: true
         default: admin
         description: |
           Username of the keycloak instance admin user
diff --git a/roles/identity/molecule/default/converge.yml b/roles/identity/molecule/default/converge.yml
index 0d0577e10..6982fcd64 100644
--- a/roles/identity/molecule/default/converge.yml
+++ b/roles/identity/molecule/default/converge.yml
@@ -1,6 +1,8 @@
 ---
 - name: Converge
   hosts: all
+  vars:
+    identity_admin_password: keycloak12345
   tasks:
     - name: "Include identity"
       ansible.builtin.include_role:
diff --git a/roles/identity/tasks/realm.yml b/roles/identity/tasks/realm.yml
index 6d291d8bb..2d85d4bdd 100644
--- a/roles/identity/tasks/realm.yml
+++ b/roles/identity/tasks/realm.yml
@@ -3,8 +3,7 @@
   vars:
     theme_version: "{{ identity_alfresco_theme_version }}"
   ansible.builtin.unarchive:
-    src: "https://github.com/Alfresco/alfresco-keycloak-theme/releases/download/
-      {{ theme_version }}/alfresco-keycloak-theme-{{ theme_version }}.zip"
+    src: https://github.com/Alfresco/alfresco-keycloak-theme/releases/download/{{ theme_version }}/alfresco-keycloak-theme-{{ theme_version }}.zip
     dest: /opt/keycloak/keycloak-{{ identity_keycloak_quarkus_version }}/themes
     remote_src: true
 
@@ -39,6 +38,8 @@
       - ru
       - sv
       - zh-CN
+  tags:
+    - molecule-idempotence-notest
 
 - name: Configure basic alfresco client
   community.general.keycloak_client:
@@ -50,6 +51,4 @@
     realm: alfresco
     client_id: alfresco
     enabled: true
-    redirect_uris: "{{ known_urls | map('regex_replace', '(.*)$', '\\1*') | list }}"
-    web_origins: "{{ known_urls }}"
     state: present