diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index a3e4b79371..3da45dc70d 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1560,7 +1560,8 @@ class CredentialSerializer(BaseSerializer):
                   'password', 'security_token', 'project', 'domain',
                   'ssh_key_data', 'ssh_key_unlock',
                   'become_method', 'become_username', 'become_password',
-                  'vault_password', 'subscription', 'tenant', 'secret', 'client')
+                  'vault_password', 'subscription', 'tenant', 'secret', 'client',
+                  'authorize', 'authorize_password')
 
     def build_standard_field(self, field_name, model_field):
         field_class, field_kwargs = super(CredentialSerializer, self).build_standard_field(field_name, model_field)
diff --git a/awx/main/migrations/0014_v300_invsource_cred.py b/awx/main/migrations/0014_v300_invsource_cred.py
index 02a757dd16..cc10b70b5d 100644
--- a/awx/main/migrations/0014_v300_invsource_cred.py
+++ b/awx/main/migrations/0014_v300_invsource_cred.py
@@ -23,6 +23,16 @@ class Migration(migrations.Migration):
             name='network_credential',
             field=models.ForeignKey(related_name='jobtemplates_as_network_credential+', on_delete=django.db.models.deletion.SET_NULL, default=None, blank=True, to='main.Credential', null=True),
         ),
+        migrations.AddField(
+            model_name='credential',
+            name='authorize',
+            field=models.BooleanField(default=False, help_text='Whether to use the authorize mechanism.'),
+        ),
+        migrations.AddField(
+            model_name='credential',
+            name='authorize_password',
+            field=models.CharField(default=b'', help_text='Password used by the authorize mechanism.', max_length=1024, blank=True),
+        ),
         migrations.AlterField(
             model_name='credential',
             name='deprecated_team',
diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py
index c96948abfa..d47153285d 100644
--- a/awx/main/models/credential.py
+++ b/awx/main/models/credential.py
@@ -56,7 +56,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
     ]
 
     PASSWORD_FIELDS = ('password', 'security_token', 'ssh_key_data', 'ssh_key_unlock',
-                       'become_password', 'vault_password', 'secret')
+                       'become_password', 'vault_password', 'secret', 'authorize_password')
 
     class Meta:
         app_label = 'main'
@@ -169,6 +169,16 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
         default='',
         help_text=_('Vault password (or "ASK" to prompt the user).'),
     )
+    authorize = models.BooleanField(
+        default=False,
+        help_text=_('Whether to use the authorize mechanism.'),
+    )
+    authorize_password = models.CharField(
+        max_length=1024,
+        blank=True,
+        default='',
+        help_text=_('Password used by the authorize mechanism.'),
+    )
     client = models.CharField(
         max_length=128,
         blank=True,
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index 4d08944786..db47f3eaec 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -823,10 +823,10 @@ class RunJob(BaseTask):
             env['ANSIBLE_NET_USERNAME'] = network_cred.username
             env['ANSIBLE_NET_PASSWORD'] = decrypt_field(network_cred, 'password')
 
-            authorize = network_cred.become_method == 'sudo'
+            authorize = network_cred.authorize
             env['ANSIBLE_NET_AUTHORIZE'] = unicode(int(authorize))
             if authorize:
-                env['ANSIBLE_NET_AUTHORIZE_PASSWORD'] = decrypt_field(network_cred, 'become_password')
+                env['ANSIBLE_NET_AUTHORIZE_PASSWORD'] = decrypt_field(network_cred, 'authorize_password')
 
         # Set environment variables related to scan jobs
         if job.job_type == PERM_INVENTORY_SCAN:
diff --git a/awx/main/tests/unit/test_network_credential.py b/awx/main/tests/unit/test_network_credential.py
index 00621fb0a3..90f9959cfe 100644
--- a/awx/main/tests/unit/test_network_credential.py
+++ b/awx/main/tests/unit/test_network_credential.py
@@ -12,8 +12,8 @@ def options():
         'username':'test',
         'password':'test',
         'ssh_key_data': """-----BEGIN PRIVATE KEY-----\nstuff==\n-----END PRIVATE KEY-----""",
-        'become_method': 'sudo',
-        'become_password': 'passwd',
+        'authorize': True,
+        'authorize_password': 'passwd',
     }
 
 
@@ -30,7 +30,7 @@ def test_net_cred_parse(mocker, options):
         assert env['ANSIBLE_NET_USERNAME'] == options['username']
         assert env['ANSIBLE_NET_PASSWORD'] == options['password']
         assert env['ANSIBLE_NET_AUTHORIZE'] == '1'
-        assert env['ANSIBLE_NET_AUTHORIZE_PASSWORD'] == options['become_password']
+        assert env['ANSIBLE_NET_AUTHORIZE_PASSWORD'] == options['authorize_password']
 
 
 def test_net_cred_ssh_agent(mocker, options):