diff --git a/tasks/create-jwt-keys.yml b/tasks/create-jwt-keys.yml
index 4195611..66a04fc 100644
--- a/tasks/create-jwt-keys.yml
+++ b/tasks/create-jwt-keys.yml
@@ -1,4 +1,9 @@
 ---
+- name: Assert whether Private
+  stat:
+    path: "{{ jwt_private_key }}"
+  register: key
+
 - block:
   - name: Create folder for jwt-keys
     file:
@@ -17,6 +22,7 @@
     shell: "openssl genrsa -passout pass:{{ passphrase.stdout }} -out {{ jwt_private_key }} {{ jwt_key_size }}"
     args:
       chdir: "{{ jwt_key_folder }}"
+      creates: "{{ jwt_private_key }}"
 
   - name: Prep to remove passphrase from Key
     copy:
@@ -39,4 +45,5 @@
     args:
       chdir: "{{ jwt_key_folder }}"
 
-  become: yes
\ No newline at end of file
+  become: yes
+  when: key.stat.exists == False
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 543bf73..4932efb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -37,11 +37,15 @@
     copy:
       src: "{{ sso_saml_idp_metadata_local_filename }}"
       dest: "{{ saml_folder }}/target_idp_metadata.xml"
+      owner: "{{ opdk_user_name }}"
+      group: "{{ opdk_group_name }}"
+      mode: 0655
 
   - name: Configure SAML IDP Metadata URL with file
     set_fact:
       sso_saml_idp_metadata_url: "file://{{ saml_folder }}/target_idp_metadata.xml"
 
+  become: true
   when: sso_saml_idp_metadata_local_filename is defined and sso_saml_idp_metadata_local_filename | trim | length < 0
 
 - name: Touch file