diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f20eb2f..a13c859a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,10 @@
 - [Security: 1.6.2 to 1.6.3 (tapis/securitymigrate, securityadmin, securityapi, securityexport)](https://github.com/tapis-project/tapis-security/blob/dev/tapis-securityapi/CHANGELOG.md)
 - [Globus-Proxy: 1.6.2 to 1.6.4 (tapis/globus-proxy)](https://github.com/tapis-project/globus-proxy/blob/dev/CHANGELOG.md)
 
+### Breaking Changes for Deployer Admins
+
+- If using the globus-proxy component, you must provide 2 variables in host_vars: `globus_client_id` and `globus_client_secret`. They correspond to the id and secret of the service client, as described here: https://docs.globus.org/guides/recipes/automate-with-service-account/ .
+
 
 ## 1.6.3 
 
diff --git a/playbooks/roles/globus-proxy/defaults/main/vars.yml b/playbooks/roles/globus-proxy/defaults/main/vars.yml
index f6ed979b..7ce22bd0 100644
--- a/playbooks/roles/globus-proxy/defaults/main/vars.yml
+++ b/playbooks/roles/globus-proxy/defaults/main/vars.yml
@@ -9,4 +9,6 @@ globus_proxy_show_traceback: false
 globus_proxy_tenants:
   - dev
   - admin
+globus_client_id: null
+globus_client_secret: null
 
diff --git a/playbooks/roles/globus-proxy/tasks/main.yml b/playbooks/roles/globus-proxy/tasks/main.yml
index 9110777f..c41b2682 100644
--- a/playbooks/roles/globus-proxy/tasks/main.yml
+++ b/playbooks/roles/globus-proxy/tasks/main.yml
@@ -1,4 +1,11 @@
 ---
 
+
+- name: Check mandatory variables are defined
+  assert:
+    that:
+      - globus_client_id != None
+      - globus_client_secret != None
+
 - include_tasks: '{{ tapisctl_action }}.yml'
 
diff --git a/playbooks/roles/globus-proxy/templates/docker/globus-proxy-config.json b/playbooks/roles/globus-proxy/templates/docker/globus-proxy-config.json
index bd62f6af..9ee18f1b 100644
--- a/playbooks/roles/globus-proxy/templates/docker/globus-proxy-config.json
+++ b/playbooks/roles/globus-proxy/templates/docker/globus-proxy-config.json
@@ -6,5 +6,7 @@
     "log_level": "{{globus_proxy_log_level}}",
     "tenants": {{globus_proxy_tenants|to_json}},
     "show_traceback": {{globus_proxy_show_traceback|to_json}},
-    "use_sk": true
-}
\ No newline at end of file
+    "use_sk": true,
+    "client_id": "{{ globus_client_id }}",
+    "client_secret": "{{ globus_client_secret }}"
+}
diff --git a/playbooks/roles/globus-proxy/templates/kube/globus-proxy-config.yml b/playbooks/roles/globus-proxy/templates/kube/globus-proxy-config.yml
index a4e21b11..a6446653 100644
--- a/playbooks/roles/globus-proxy/templates/kube/globus-proxy-config.yml
+++ b/playbooks/roles/globus-proxy/templates/kube/globus-proxy-config.yml
@@ -12,5 +12,8 @@ data:
       "log_level": "{{globus_proxy_log_level}}",
       "tenants": {{globus_proxy_tenants|to_json}},
       "show_traceback": {{globus_proxy_show_traceback|to_json}},
-      "use_sk": true
+      "use_sk": true,
+      "client_id": "{{ globus_client_id }}",
+      "client_secret": "{{ globus_client_secret }}"
     }
+