diff --git a/website/source/api/acl/acl.html.md b/website/source/api/acl/acl.html.md index 30418ae50..b4039b316 100644 --- a/website/source/api/acl/acl.html.md +++ b/website/source/api/acl/acl.html.md @@ -285,6 +285,14 @@ The table below shows this endpoint's support for | ---------------- | ----------------- | ------------- | ------------ | | `NO` | `none` | `none` | `none` | +-> **Note** - To use the login process to create tokens in any connected +secondary datacenter, [ACL +replication](/docs/agent/options.html#acl_enable_token_replication) must be +enabled. Login requires the ability to create local tokens which is restricted +to the primary datacenter and any secondary datacenters with ACL token +replication enabled. + + ### Parameters - `AuthMethod` `(string: )` - The name of the auth method to use for login. diff --git a/website/source/docs/acl/acl-auth-methods.html.md b/website/source/docs/acl/acl-auth-methods.html.md index 53bd688ec..35194930e 100644 --- a/website/source/docs/acl/acl-auth-methods.html.md +++ b/website/source/docs/acl/acl-auth-methods.html.md @@ -54,6 +54,12 @@ using the API or command line before they can be used by applications. with the `consul acl binding-rule` subcommands or the corresponding [API endpoints](/api/acl/binding-rules.html). +-> **Note** - To configure auth methods in any connected secondary datacenter, +[ACL token replication](/docs/agent/options.html#acl_enable_token_replication) +must be enabled. Auth methods require the ability to create local tokens which +is restricted to the primary datacenter and any secondary datacenters with ACL +token replication enabled. + ## Binding Rules Binding rules allow an operator to express a systematic way of automatically diff --git a/website/source/docs/agent/options.html.md b/website/source/docs/agent/options.html.md index 64fae288b..5be06bfb0 100644 --- a/website/source/docs/agent/options.html.md +++ b/website/source/docs/agent/options.html.md 
@@ -561,8 +561,11 @@ default will automatically work with some tooling. * `enable_key_list` - Either "enabled" or "disabled", defaults to "disabled". When enabled, the `list` permission will be required on the prefix being recursively read from the KV store. Regardless of being enabled, the full set of KV entries under the prefix will be filtered to remove any entries that the request's ACL token does not grant at least read persmissions. This option is only available in Consul 1.0 and newer. * `enable_token_replication` - By - default secondary Consul datacenters will perform replication of only ACL policies. Setting this configuration will - also enable ACL token replication. + default secondary Consul datacenters will perform replication of only ACL policies and roles. + Setting this configuration will will enable ACL token replication and + allow for the creation of both [local tokens](/api/acl/tokens.html#local) + and [auth methods](/docs/acl/acl-auth-methods.html) in connected secondary + datacenters. * `enable_token_persistence` - Either `true` or `false`. When `true` tokens set using the API will be persisted to disk and reloaded when an agent restarts.
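Review bot: In the `website/source/api/acl/acl.html.md` hunk, the link text reads "ACL replication" while its target is `#acl_enable_token_replication` and the matching note in `acl-auth-methods.html.md` says "ACL token replication". Since the `options.html.md` text in this same patch says policies and roles replicate by default, the shorter wording can be read as already satisfied. Suggest changing the link text to "ACL token replication". The hunk also adds two blank lines before `### Parameters` where one is enough, and "local tokens which is restricted" needs a comma before "which".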
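Review bot: In the `website/source/docs/acl/acl-auth-methods.html.md` hunk, "local tokens" in the added note is plain text, while the `options.html.md` hunk in this patch links the same term to `/api/acl/tokens.html#local`. Suggest linking it here too, so a reader who lands on the auth methods page can find out what a local token is. The sentence "Auth methods require the ability to create local tokens which is restricted to the primary datacenter" also needs a comma before "which", as it currently reads as if the tokens rather than the ability were restricted.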
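Review bot: In the `website/source/docs/agent/options.html.md` hunk, the added line "Setting this configuration will will enable ACL token replication and" has a doubled "will". The removed text said the setting will "also enable ACL token replication"; dropping "also" loses the point that token replication comes in addition to the default policy and role replication, so consider "will also enable". The other two hunks link to `#acl_enable_token_replication` on this page, so it is worth confirming the `enable_token_replication` entry exposes that anchor, since the anchor definition is not visible in these lines.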