diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py
index 9468e9dd49cc2266bf54ec797636708ccf6ed0d1..f5cf5ddce79d6918adfb5a668ee9842cc03be64f 100644
--- a/plugins/modules/ipaservice.py
+++ b/plugins/modules/ipaservice.py
@@ -324,7 +324,7 @@ def init_ansible_module():
                            default=None),
             pac_type=dict(type="list", aliases=["ipakrbauthzdata"],
                           choices=["MS-PAC", "PAD", "NONE"]),
-            auth_ind=dict(type="str",
+            auth_ind=dict(type="list",
                           aliases=["krbprincipalauthind"],
                           choices=["otp", "radius", "pkinit", "hardened"]),
             skip_host_check=dict(type="bool"),
diff --git a/tests/service/test_service.yml b/tests/service/test_service.yml
index 10d1285a372402de92a0660914fc7ac29bad0fed..3c518055d64af39fe4a5e2f3c0e6f028d6884354 100644
--- a/tests/service/test_service.yml
+++ b/tests/service/test_service.yml
@@ -113,7 +113,7 @@
         - PAD
       auth_ind: otp
       skip_host_check: no
-      force: no
+      force: yes
       requires_pre_auth: yes
       ok_as_delegate: no
       ok_to_auth_as_delegate: no
@@ -475,6 +475,26 @@
     register: result
     failed_when: result.changed
 
+  - name: Ensure service is present, with multiple auth_ind values.
+    ipaservice:
+      ipaadmin_password: SomeADMINpassword
+      name: "HTTP/{{ svc_fqdn }}"
+      auth_ind: otp,radius
+      skip_host_check: no
+      force: yes
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure service is present, with multiple auth_ind values, again.
+    ipaservice:
+      ipaadmin_password: SomeADMINpassword
+      name: "HTTP/{{ svc_fqdn }}"
+      auth_ind: otp,radius
+      skip_host_check: no
+      force: yes
+    register: result
+    failed_when: result.changed
+
   # cleanup
 
   - name: Ensure services are absent.