diff --git a/CHANGELOG.md b/CHANGELOG.md index cc58d66..e52d171 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +## v1.X + +### Enhancements + +* Add a var to disable the role. ## v1.3.1 diff --git a/README.md b/README.md index 22818e8..f47ac05 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ Highly inspired by [Lae's system_ldap role][lae sssd galaxy] with minors updates ## Role Variables +* **sssd__deploy_state**: The desired state this role should achieve [default : `present`]. * **sssd_pkg_state** : State of new sssd packages [default : `latest`]. * **sssd__unwanted_packages_state** : State of unwanted packages that might interfer with SSSD [default : `absent`]. * **sssd_conf_manage** : If SSSD configuration should be managed with this role [default : `true`]. diff --git a/defaults/main.yml b/defaults/main.yml index dafbe79..5efeadd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,9 +1,59 @@ --- +# .. vim: foldmarker=[[[,]]]:foldmethod=marker -# Package +# ipr-cnrs.netdata default variables [[[ +# ====================================== + +# Packages and installation [[[ +# ----------------------------- + +# .. envvar:: sssd_pkg_state [[[ +# +# State of the packages to install. Possible options : +# +# ``latest`` +# Default. Ensure those packages are in the latest state. +# +# ``absent`` +# Default. Ensure to remove those packages. +# +# ``present`` +# Ensure to install those packages. +# sssd_pkg_state: 'latest' - + # ]]] +# .. envvar:: sssd__unwanted_packages_state [[[ +# +# State of the unwanted packages. Possible options : +# +# ``absent`` +# Default. Ensure to remove those packages. +# +# ``present`` +# Ensure to install those packages. +# +# ``latest`` +# Ensure those packages are in the latest state. +# +# ``Anything else`` +# The packages will not be touch. +# sssd__unwanted_packages_state: 'absent' + # ]]] +# .. envvar:: sssd__deploy_state [[[ +# +# What is the desired state which this role should achieve ? Possible options : +# +# ``present`` +# Default. Ensure that sssd is installed and configured as requested. +# +# ``absent`` +# TODO: Ensure that sssd is uninstalled and it's configuration is removed. +# +sssd__deploy_state: 'present' + # ]]] + # ]]] + # Configuration sssd_conf_manage: true diff --git a/tasks/main.yml b/tasks/main.yml index 8eb17f0..1a56566 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,9 @@ --- +# .. vim: foldmarker=[[[,]]]:foldmethod=marker + # tasks file for ansible-role-sssd +# Load vars [[[1 - name: Load specific OS vars include_vars: "{{ item }}" with_first_found: 
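Review bot: The `absent` entry for `sssd__deploy_state` is marked TODO but does not say what the value does today; judging from the `when:` guards this commit adds in tasks/main.yml, any value other than `present` only skips the tasks and leaves an installed sssd, its configuration and the bind password written to the config in place. I would say so in the comment, e.g. `# Not implemented yet: the role's tasks are skipped, nothing is uninstalled or removed.` Two copy-paste slips in the same hunk: the header reads `ipr-cnrs.netdata default variables` in an sssd role, and `absent` under `sssd_pkg_state` is labelled `Default.` although the value set below is `'latest'`.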
@@ -8,15 +11,16 @@ - "{{ ansible_distribution|lower }}.yml" - "{{ ansible_os_family|lower }}.yml" -# Packages [[[ +# Manage packages [[[1 - name: Install sssd package: name: "{{ item }}" - state: "{{ sssd_pkg_state }}" + state: 'present' with_flattened: - '{{ sssd_pkg_list | to_nice_json }}' register: sssd_pkg_result until: sssd_pkg_result is success + when: (sssd__deploy_state == "present") - name: Remove unwanted packages package: @@ -26,9 +30,10 @@ - '{{ sssd__unwanted_packages_list | to_nice_json }}' register: sssd_remove_result until: sssd_remove_result is success -# ]]] + when: (sssd__deploy_state == "present") -# Update nsswitch.conf +# Manage configuration [[[1 +## Update nsswitch.conf - name: CONFIG sudoers nsswitch.conf lineinfile: dest: /etc/nsswitch.conf @@ -38,7 +43,7 @@ owner: root group: root mode: 0644 - when: not sssd_sudoers_ldap and sssd_nsswitch_manage + when: (sssd__deploy_state == "present") and (not sssd_sudoers_ldap and sssd_nsswitch_manage) # Configuration file - name: CONFIG sssd.conf @@ -49,7 +54,7 @@ owner: root group: root backup: true - when: sssd_conf_manage + when: (sssd__deploy_state == "present") and (sssd_conf_manage) notify: - restart sssd - restart logind @@ -67,7 +72,7 @@ [domain/{{ sssd_domain }}] #ldap_default_authtok = password for {{ sssd_bind_dn }} after END BLOCK {% if sssd_bind_password %}ldap_default_authtok = {{ sssd_bind_password }}{% endif %} - when: sssd_conf_manage + when: (sssd__deploy_state == "present") and (sssd_conf_manage) notify: - restart sssd - restart logind @@ -78,7 +83,7 @@ regexp: 'pam_mkhomedir\.so' line: "session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent" state: present - when: sssd_mkhomedir + when: (sssd__deploy_state == "present") and (sssd_mkhomedir) - name: Flush handlers to be able to use SSSD authentication meta: flush_handlers
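Review bot: In the `@@ -8,15 +11,16 @@` hunk, `state: 'present'` on the "Install sssd" task replaces `state: "{{ sssd_pkg_state }}"`, so the variable no longer has any effect here, while defaults/main.yml and the README in this same commit still document it with default `latest`. Hosts that relied on `latest` to pick up sssd package updates would silently stop receiving them from this role. If the intent is only to gate the task, keep `state: "{{ sssd_pkg_state }}"` and let the new `when: (sssd__deploy_state == "present")` do the gating; if the hard-coded value is intended, the variable and its documentation should be dropped. Whether `sssd_pkg_state` is read elsewhere in the role is not visible in this diff.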
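Review bot: The guard `when: (sssd__deploy_state == "present")` added in the `@@ -26,9 +30,10 @@` hunk is repeated on every task in this file (also in the hunks at -8,15, -38,7, -49,7, -67,7 and -78,7), and nothing validates the variable, so a misspelt value skips the whole role while the play still reports success. A first task using `assert` with `that: sssd__deploy_state in ['present', 'absent']` would make that case fail loudly. Grouping the tasks under one `block:` with a single `when:` would also keep the per-task conditions (`sssd_conf_manage`, `sssd_mkhomedir`) readable.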
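Review bot: The task gated in the `@@ -67,7 +72,7 @@` hunk writes `ldap_default_authtok = {{ sssd_bind_password }}` into the file, and no `no_log: true` is visible next to its `when:`/`notify:` keys, so the bind password can appear in task output when the play runs with `--diff` or increased verbosity. Adding `no_log: true` to this task would keep it out of logs and CI output. The task begins above the hunk, so the keyword may already be set there; worth confirming while this line is being touched.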