diff --git a/playbooks/edx-east/manage_edxapp_users_and_groups.yml b/playbooks/edx-east/manage_edxapp_users_and_groups.yml
index eba6797..98c7a64 100644
--- a/playbooks/edx-east/manage_edxapp_users_and_groups.yml
+++ b/playbooks/edx-east/manage_edxapp_users_and_groups.yml
@@ -10,7 +10,7 @@
 #
 # Overview:
 # This playbook ensures that the specified users and groups exist in the targeted
-# edxapp cluster. 
+# edxapp cluster.
 #
 # Users have the following properties:
 #   - username (required, str)
@@ -72,7 +72,6 @@
 #   for perm in Permission.objects.all():
 #     print '{}:{}:{}'.format(perm.content_type.app_label, perm.content_type.model, perm.codename)
 #
-
 - hosts: all
   vars:
     python_path: /edx/bin/python.edxapp
diff --git a/playbooks/roles/common_vars/defaults/main.yml b/playbooks/roles/common_vars/defaults/main.yml
index 9d63da3..739967f 100644
--- a/playbooks/roles/common_vars/defaults/main.yml
+++ b/playbooks/roles/common_vars/defaults/main.yml
@@ -220,3 +220,6 @@ COMMON_OIDC_ISSUER: '{{ COMMON_OAUTH_URL_ROOT }}'
 COMMON_JWT_AUDIENCE: 'SET-ME-PLEASE'
 COMMON_JWT_ISSUER: '{{ COMMON_OIDC_ISSUER }}'
 COMMON_JWT_SECRET_KEY: 'SET-ME-PLEASE'
+
+# Set sandbox admin default
+SANDBOX_CREATE_ADMIN_USER: True
diff --git a/playbooks/roles/demo/defaults/main.yml b/playbooks/roles/demo/defaults/main.yml
index 31e3627..b0e3fef 100644
--- a/playbooks/roles/demo/defaults/main.yml
+++ b/playbooks/roles/demo/defaults/main.yml
@@ -24,19 +24,23 @@ demo_test_users:
     username: honor
     hashed_password: "{{ demo_hashed_password }}"
     is_staff: false
+    is_superuser: false
   - email: 'audit@example.com'
     username: audit
     hashed_password: "{{ demo_hashed_password }}"
     is_staff: false
+    is_superuser: false
   - email: 'verified@example.com'
     username: verified
     hashed_password: "{{ demo_hashed_password }}"
     is_staff: false
+    is_superuser: false
 demo_staff_user:
   email: 'staff@example.com'
   username: staff
   hashed_password: "{{ demo_hashed_password }}"
   is_staff: true
+  is_superuser: false
 demo_edxapp_user: 'edxapp'
 demo_edxapp_settings: '{{ COMMON_EDXAPP_SETTINGS }}'
 demo_edxapp_venv_bin: '{{ COMMON_APP_DIR }}/{{ demo_edxapp_user }}/venvs/{{demo_edxapp_user}}/bin'
diff --git a/playbooks/roles/demo/tasks/deploy.yml b/playbooks/roles/demo/tasks/deploy.yml
index 0ca1c99..4b525bd 100644
--- a/playbooks/roles/demo/tasks/deploy.yml
+++ b/playbooks/roles/demo/tasks/deploy.yml
@@ -26,12 +26,22 @@
     demo_test_and_staff_users: "{{ demo_test_users }}"
   when: not DEMO_CREATE_STAFF_USER
 
+- name: build staff, admin, and test user list
+  set_fact:
+    demo_test_admin_and_staff_users: "{{ demo_test_and_staff_users + [SANDBOX_EDXAPP_USERS] }}"
+  when: SANDBOX_CREATE_ADMIN_USER
+
+- name: build staff, admin, and test user list
+  set_fact:
+    demo_test_admin_and_staff_users: "{{ demo_test_and_staff_users }}"
+  when: not SANDBOX_CREATE_ADMIN_USER
+
 - name: create some test users
-  shell: "{{ demo_edxapp_venv_bin }}/python ./manage.py lms --settings={{ demo_edxapp_settings }} --service-variant lms manage_user {{ item.username}} {{ item.email }} --initial-password-hash {{ item.hashed_password | quote }}{% if item.is_staff %} --staff{% endif %}"
+  shell: "{{ demo_edxapp_venv_bin }}/python ./manage.py lms --settings={{ demo_edxapp_settings }} --service-variant lms manage_user {{ item.username}} {{ item.email }} --initial-password-hash {{ item.hashed_password | quote }}{% if item.is_staff %} --staff{% endif %}{% if item.is_superuser %} --superuser{% endif %}"
   args:
     chdir: "{{ demo_edxapp_code_dir }}"
   become_user: "{{ common_web_user }}"
-  with_items: "{{ demo_test_and_staff_users }}"
+  with_items: "{{ demo_test_admin_and_staff_users }}"
   when: demo_checkout.changed
 
 - name: enroll test users in the demo course