diff --git a/lib/ansible/module_utils/manageiq.py b/lib/ansible/module_utils/manageiq.py
index 9c2cbf5b92..4ebd956fb2 100755
--- a/lib/ansible/module_utils/manageiq.py
+++ b/lib/ansible/module_utils/manageiq.py
@@ -41,6 +41,7 @@ def manageiq_argument_spec():
         url=dict(default=os.environ.get('MIQ_URL', None)),
         username=dict(default=os.environ.get('MIQ_USERNAME', None)),
         password=dict(default=os.environ.get('MIQ_PASSWORD', None), no_log=True),
+        token=dict(default=os.environ.get('MIQ_TOKEN', None), no_log=True),
         verify_ssl=dict(default=True, type='bool'),
         ca_bundle_path=dict(required=False, default=None),
     )
@@ -51,6 +52,21 @@ def check_client(module):
         module.fail_json(msg='manageiq_client.api is required for this module')
 
 
+def validate_connection_params(module):
+    params = module.params['manageiq_connection']
+    error_str = "missing required argument: manageiq_connection[{}]"
+    url = params['url']
+    token = params['token']
+    username = params['username']
+    password = params['password']
+
+    if (url and username and password) or (url and token):
+        return params
+    for arg in ['url', 'username', 'password']:
+        if params[arg] in (None, ''):
+            module.fail_json(msg=error_str.format(arg))
+
+
 class ManageIQ(object):
     """
         class encapsulating ManageIQ API client.
@@ -60,22 +76,19 @@ class ManageIQ(object):
         # handle import errors
         check_client(module)
 
-        params = module.params['manageiq_connection']
-
-        # check for required arguments
-        for arg in ['url', 'username', 'password']:
-            if params[arg] in (None, ''):
-                module.fail_json(msg="missing required argument: manageiq_connection[{}]".format(arg))
+        params = validate_connection_params(module)
 
         url = params['url']
         username = params['username']
         password = params['password']
+        token = params['token']
         verify_ssl = params['verify_ssl']
         ca_bundle_path = params['ca_bundle_path']
 
         self._module = module
         self._api_url = url + '/api'
-        self._client = ManageIQClient(self._api_url, (username, password), verify_ssl=verify_ssl, ca_bundle_path=ca_bundle_path)
+        self._auth = dict(user=username, password=password, token=token)
+        self._client = ManageIQClient(self._api_url, self._auth, verify_ssl=verify_ssl, ca_bundle_path=ca_bundle_path)
 
     @property
     def module(self):
diff --git a/lib/ansible/modules/remote_management/manageiq/manageiq_user.py b/lib/ansible/modules/remote_management/manageiq/manageiq_user.py
index faa7e1892a..cb680c0176 100755
--- a/lib/ansible/modules/remote_management/manageiq/manageiq_user.py
+++ b/lib/ansible/modules/remote_management/manageiq/manageiq_user.py
@@ -84,6 +84,18 @@ EXAMPLES = '''
       password: 'smartvm'
       verify_ssl: False
 
+- name: Create a new user in ManageIQ using a token
+  manageiq_user:
+    userid: 'jdoe'
+    name: 'Jane Doe'
+    password: 'VerySecret'
+    group: 'EvmGroup-user'
+    email: 'jdoe@example.com'
+    manageiq_connection:
+      url: 'http://127.0.0.1:3000'
+      token: 'sometoken'
+      verify_ssl: False
+
 - name: Delete a user in ManageIQ
   manageiq_user:
     state: 'absent'
@@ -94,6 +106,15 @@ EXAMPLES = '''
       password: 'smartvm'
       verify_ssl: False
 
+- name: Delete a user in ManageIQ using a token
+  manageiq_user:
+    state: 'absent'
+    userid: 'jdoe'
+    manageiq_connection:
+      url: 'http://127.0.0.1:3000'
+      token: 'sometoken'
+      verify_ssl: False
+
 - name: Update email of user in ManageIQ
   manageiq_user:
     userid: 'jdoe'
@@ -103,6 +124,15 @@ EXAMPLES = '''
       username: 'admin'
       password: 'smartvm'
       verify_ssl: False
+
+- name: Update email of user in ManageIQ using a token
+  manageiq_user:
+    userid: 'jdoe'
+    email: 'jaustine@example.com'
+    manageiq_connection:
+      url: 'http://127.0.0.1:3000'
+      token: 'sometoken'
+      verify_ssl: False
 '''
 
 RETURN = '''
diff --git a/lib/ansible/utils/module_docs_fragments/manageiq.py b/lib/ansible/utils/module_docs_fragments/manageiq.py
index 35aa80da24..e32eece441 100644
--- a/lib/ansible/utils/module_docs_fragments/manageiq.py
+++ b/lib/ansible/utils/module_docs_fragments/manageiq.py
@@ -32,13 +32,17 @@ options:
         description:
           - ManageIQ environment url. C(MIQ_URL) env var if set. otherwise, it is required to pass it.
       username:
-        required: true
+        required: false
         description:
-          - ManageIQ username. C(MIQ_USERNAME) env var if set. otherwise, it is required to pass it.
+          - ManageIQ username. C(MIQ_USERNAME) env var if set. otherwise, required if no token is passed in.
       password:
-        required: true
+        required: false
         description:
-          - ManageIQ password. C(MIQ_PASSWORD) env var if set. otherwise, it is required to pass it.
+          - ManageIQ password. C(MIQ_PASSWORD) env var if set. otherwise, required if no token is passed in.
+      token:
+        required: false
+        description:
+          - ManageIQ token. C(MIQ_TOKEN) env var if set. otherwise, required if no username or password is passed in.
       verify_ssl:
         required: false
         default: true