diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index dcb11518d8..1e5d215aa4 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -150,8 +150,8 @@ NiFi provides several different configuration options for security purposes. The
                                 by the NiFi cluster protocol. If the Truststore properties are not set, this must be `false`. Otherwise, a value
                                 of `true` indicates that nodes in the cluster will be authenticated and must have certificates that are trusted 
                                 by the Truststores.
-|`nifi.security.anonymous.authorities` | Specifies the roles that should be granted to users that connect over HTTPS anonymously. All users will
-                                be given this level access, however if they have been granted a particular level of access by an administrator
+|`nifi.security.anonymous.authorities` | Specifies the roles that should be granted to users that connect over HTTPS anonymously. All users can make 
+                                use of anonymous access, however if they have been granted a particular level of access by an administrator
                                 it will take precedence if they access NiFi using a client certificate or once they have logged in. 
 |==================================================================================================================================================
 
diff --git a/nifi-docs/src/main/asciidoc/images/anonymous-access.png b/nifi-docs/src/main/asciidoc/images/anonymous-access.png
new file mode 100644
index 0000000000..1ecabcd10e
Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/anonymous-access.png differ
diff --git a/nifi-docs/src/main/asciidoc/images/login.png b/nifi-docs/src/main/asciidoc/images/login.png
new file mode 100644
index 0000000000..f474a9ea96
Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/login.png differ
diff --git a/nifi-docs/src/main/asciidoc/images/request-access.png b/nifi-docs/src/main/asciidoc/images/request-access.png
new file mode 100644
index 0000000000..f556894351
Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/request-access.png differ
diff --git a/nifi-docs/src/main/asciidoc/user-guide.adoc b/nifi-docs/src/main/asciidoc/user-guide.adoc
index fd405268f7..64421d7eeb 100644
--- a/nifi-docs/src/main/asciidoc/user-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/user-guide.adoc
@@ -157,6 +157,32 @@ are in the cluster and how many are currently connected.
 image::status-bar.png["NiFi Status Bar"]
 
 
+[[logging-in]]
+Logging In
+---------
+
+If NiFi is configured to run securely, users will be able to request access to the DataFlow. For information on configuring NiFi to run 
+securely, see the link:administration-guide.html[Admin Guide]. If NiFi supports anonymous access, users will be given access 
+accordingly and given an option to log in.
+
+image::anonymous-access.png["Anonymous Access"]
+
+Clicking the 'login' link will open the log in page. If the user is logging in with their username/password they will be presented with
+a form to do so. If NiFi is not configured to support anonymous access and the user is logging in with their username/password, they will 
+be immediately sent to the login form bypassing the canvas.
+
+image::login.png["Log In"]
+
+Once the user has logged in or if they are accessing NiFi using a client certificate loaded in their browser, they will be prompted
+to request access by submitting a justification if this is the first time they have accessed this NiFi. Fill in an optional justification 
+that the administrator will review while granting the account access. If NiFi is not configured to support anonymous access and the 
+user is using a client certificate, they will be immediately sent to the form to request access bypassing the canvas and login form.
+
+image::request-access.png["Request Access"]
+
+Press Submit to send the account request. If NiFi supports anonymous access, the user can continue accessing the DataFlow by closing the
+login page. Returning to the login page will check the status of the account request. If access has been granted, press the home link or
+reload the page to assume the new roles.
 
 
 [[building-dataflow]]
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
index c73ec47542..326aa00efc 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@@ -208,7 +208,7 @@ public class AccessResource extends ApplicationResource {
                         // no issues with authorization... verify authorities
                         accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
                         if (userDetails.getAuthorities().isEmpty()) {
-                            accessStatus.setMessage("Your account is active but is unauthorized as no authorities have been granted.");
+                            accessStatus.setMessage("Your account is active but currently does not have any level of access.");
                         } else {
                             accessStatus.setMessage("Your account is active and you are already logged in.");
                         }
@@ -237,7 +237,7 @@ public class AccessResource extends ApplicationResource {
                     // no issues with authorization... verify authorities
                     accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
                     if (userDetails.getAuthorities().isEmpty()) {
-                        accessStatus.setMessage("Your account is active but is unauthorized as no authorities have been granted.");
+                        accessStatus.setMessage("Your account is active but currently does not have any level of access.");
                     } else {
                         accessStatus.setMessage("Your account is active and you are already logged in.");
                     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
index 6c05664daf..f2c9d2acd0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
@@ -87,6 +87,9 @@ nf.Login = (function () {
     };
 
     var login = function () {
+        // remove focus
+        $('#username, #password').blur();
+        
         // show the logging message...
         $('#login-progress-label').text('Logging in...');
         $('#login-progress-container').show();
@@ -218,6 +221,14 @@ nf.Login = (function () {
             if (nf.Storage.getItem('jwt') !== null) {
                 showLogoutLink();
             }
+            
+            // supporting logging in via enter press
+            $('#username, #password').on('keyup', function (e) {
+                var code = e.keyCode ? e.keyCode : e.which;
+                if (code === $.ui.keyCode.ENTER) {
+                    login();
+                }
+            });
 
             // access status
             var accessStatus = $.ajax({