diff --git a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/GmsGraphQLEngine.java b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/GmsGraphQLEngine.java
index a149f2c541..1cd91e38a3 100644
--- a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/GmsGraphQLEngine.java
+++ b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/GmsGraphQLEngine.java
@@ -1,5 +1,6 @@
 package com.linkedin.datahub.graphql;
 
+import com.datahub.authentication.AuthenticationConfiguration;
 import com.datahub.authentication.token.TokenService;
 import com.datahub.authorization.AuthorizationConfiguration;
 import com.google.common.collect.ImmutableList;
@@ -221,6 +222,7 @@ public class GmsGraphQLEngine {
     private final TimeseriesAspectService timeseriesAspectService;
 
     private final IngestionConfiguration ingestionConfiguration;
+    private final AuthenticationConfiguration authenticationConfiguration;
     private final AuthorizationConfiguration authorizationConfiguration;
     private final VisualConfiguration visualConfiguration;
 
@@ -288,6 +290,7 @@ public class GmsGraphQLEngine {
             null,
             null,
             null,
+            null,
             false,
             null);
     }
@@ -304,6 +307,7 @@ public class GmsGraphQLEngine {
         final EntityRegistry entityRegistry,
         final SecretService secretService,
         final IngestionConfiguration ingestionConfiguration,
+        final AuthenticationConfiguration authenticationConfiguration,
         final AuthorizationConfiguration authorizationConfiguration,
         final GitVersion gitVersion,
         final boolean supportsImpactAnalysis,
@@ -325,6 +329,7 @@ public class GmsGraphQLEngine {
         this.timeseriesAspectService = timeseriesAspectService;
 
         this.ingestionConfiguration = Objects.requireNonNull(ingestionConfiguration);
+        this.authenticationConfiguration = Objects.requireNonNull(authenticationConfiguration);
         this.authorizationConfiguration = Objects.requireNonNull(authorizationConfiguration);
         this.visualConfiguration = visualConfiguration;
 
@@ -562,6 +567,7 @@ public class GmsGraphQLEngine {
             .dataFetcher("appConfig",
                 new AppConfigResolver(gitVersion, analyticsService != null,
                     this.ingestionConfiguration,
+                    this.authenticationConfiguration,
                     this.authorizationConfiguration,
                     supportsImpactAnalysis, this.visualConfiguration))
             .dataFetcher("me", new AuthenticatedResolver<>(
diff --git a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/config/AppConfigResolver.java b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/config/AppConfigResolver.java
index d692ddf10e..8fda3c198c 100644
--- a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/config/AppConfigResolver.java
+++ b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/config/AppConfigResolver.java
@@ -1,9 +1,11 @@
 package com.linkedin.datahub.graphql.resolvers.config;
 
+import com.datahub.authentication.AuthenticationConfiguration;
 import com.datahub.authorization.AuthorizationConfiguration;
 import com.linkedin.datahub.graphql.QueryContext;
 import com.linkedin.datahub.graphql.generated.AnalyticsConfig;
 import com.linkedin.datahub.graphql.generated.AppConfig;
+import com.linkedin.datahub.graphql.generated.AuthConfig;
 import com.linkedin.datahub.graphql.generated.EntityType;
 import com.linkedin.datahub.graphql.generated.IdentityManagementConfig;
 import com.linkedin.datahub.graphql.generated.LineageConfig;
@@ -28,6 +30,7 @@ public class AppConfigResolver implements DataFetcher<CompletableFuture<AppConfi
   private final GitVersion _gitVersion;
   private final boolean _isAnalyticsEnabled;
   private final IngestionConfiguration _ingestionConfiguration;
+  private final AuthenticationConfiguration _authenticationConfiguration;
   private final AuthorizationConfiguration _authorizationConfiguration;
   private final boolean _supportsImpactAnalysis;
   private final VisualConfiguration _visualConfiguration;
@@ -36,12 +39,14 @@ public class AppConfigResolver implements DataFetcher<CompletableFuture<AppConfi
       final GitVersion gitVersion,
       final boolean isAnalyticsEnabled,
       final IngestionConfiguration ingestionConfiguration,
+      final AuthenticationConfiguration authenticationConfiguration,
       final AuthorizationConfiguration authorizationConfiguration,
       final boolean supportsImpactAnalysis,
       final VisualConfiguration visualConfiguration) {
     _gitVersion = gitVersion;
     _isAnalyticsEnabled = isAnalyticsEnabled;
     _ingestionConfiguration = ingestionConfiguration;
+    _authenticationConfiguration = authenticationConfiguration;
     _authorizationConfiguration = authorizationConfiguration;
     _supportsImpactAnalysis = supportsImpactAnalysis;
     _visualConfiguration = visualConfiguration;
@@ -63,6 +68,9 @@ public class AppConfigResolver implements DataFetcher<CompletableFuture<AppConfi
     final AnalyticsConfig analyticsConfig = new AnalyticsConfig();
     analyticsConfig.setEnabled(_isAnalyticsEnabled);
 
+    final AuthConfig authConfig = new AuthConfig();
+    authConfig.setTokenAuthEnabled(_authenticationConfiguration.isEnabled());
+
     final PoliciesConfig policiesConfig = new PoliciesConfig();
     policiesConfig.setEnabled(_authorizationConfiguration.getDefaultAuthorizer().isEnabled());
 
@@ -82,11 +90,12 @@ public class AppConfigResolver implements DataFetcher<CompletableFuture<AppConfi
 
     final ManagedIngestionConfig ingestionConfig = new ManagedIngestionConfig();
     ingestionConfig.setEnabled(_ingestionConfiguration.isEnabled());
+    appConfig.setAuthConfig(authConfig);
     appConfig.setAnalyticsConfig(analyticsConfig);
     appConfig.setPoliciesConfig(policiesConfig);
     appConfig.setIdentityManagementConfig(identityManagementConfig);
     appConfig.setManagedIngestionConfig(ingestionConfig);
-
+    appConfig.setAuthConfig(authConfig);
     appConfig.setVisualConfig(_visualConfiguration);
 
     return CompletableFuture.completedFuture(appConfig);
diff --git a/datahub-graphql-core/src/main/resources/app.graphql b/datahub-graphql-core/src/main/resources/app.graphql
index bd4bec148a..a1ce09a6d7 100644
--- a/datahub-graphql-core/src/main/resources/app.graphql
+++ b/datahub-graphql-core/src/main/resources/app.graphql
@@ -78,6 +78,11 @@ type AppConfig {
   """
   appVersion: String
 
+  """
+  Auth-related configurations
+  """
+  authConfig: AuthConfig!
+
   """
   Configurations related to the Analytics Feature
   """
@@ -139,6 +144,17 @@ type AnalyticsConfig {
   enabled: Boolean!
 }
 
+"""
+Configurations related to auth
+"""
+type AuthConfig {
+  """
+  Whether token-based auth is enabled.
+  """
+  tokenAuthEnabled: Boolean!
+}
+
+
 """
 Configurations related to the Policies Feature
 """
diff --git a/datahub-web-react/src/app/settings/AccessTokens.tsx b/datahub-web-react/src/app/settings/AccessTokens.tsx
index a0ace604ee..a205dba57a 100644
--- a/datahub-web-react/src/app/settings/AccessTokens.tsx
+++ b/datahub-web-react/src/app/settings/AccessTokens.tsx
@@ -1,6 +1,8 @@
-import { Button, Divider, Select, Typography } from 'antd';
+import { InfoCircleOutlined } from '@ant-design/icons';
+import { Alert, Button, Divider, Select, Typography } from 'antd';
 import React, { useEffect, useState } from 'react';
 import styled from 'styled-components';
+import { useAppConfigQuery } from '../../graphql/app.generated';
 import { useGetAccessTokenLazyQuery } from '../../graphql/auth.generated';
 import { AccessTokenDuration, AccessTokenType } from '../../types.generated';
 import { useGetAuthenticatedUser } from '../useGetAuthenticatedUser';
@@ -32,6 +34,16 @@ const ExpirationSelectConainer = styled.div`
     padding-bottom: 12px;
 `;
 
+const StyledAlert = styled(Alert)`
+    padding-top: 12px;
+    padding-bottom: 12px;
+    margin-bottom: 20px;
+`;
+
+const StyledInfoCircleOutlined = styled(InfoCircleOutlined)`
+    margin-right: 8px;
+`;
+
 const ExpirationDurationSelect = styled(Select)`
     && {
         width: 120px;
@@ -51,7 +63,9 @@ export const AccessTokens = () => {
     const [showModal, setShowModal] = useState(false);
     const [selectedTokenDuration, setSelectedTokenDuration] = useState(ACCESS_TOKEN_DURATIONS[0].duration);
     const authenticatedUser = useGetAuthenticatedUser();
-    const canGeneratePersonalAccessTokens = authenticatedUser?.platformPrivileges.generatePersonalAccessTokens;
+    const isTokenAuthEnabled = useAppConfigQuery().data?.appConfig?.authConfig?.tokenAuthEnabled;
+    const canGeneratePersonalAccessTokens =
+        isTokenAuthEnabled && authenticatedUser?.platformPrivileges.generatePersonalAccessTokens;
     const currentUserUrn = authenticatedUser?.corpUser.urn;
 
     const [getAccessToken, { data, error }] = useGetAccessTokenLazyQuery({
@@ -94,6 +108,18 @@ export const AccessTokens = () => {
                 Manage Access Tokens for use with DataHub APIs.
             </Typography.Paragraph>
             <Divider />
+            {isTokenAuthEnabled === false && (
+                <StyledAlert
+                    type="error"
+                    message={
+                        <span>
+                            <StyledInfoCircleOutlined />
+                            Token based authentication is currently disabled. Contact your DataHub administrator to
+                            enable this feature.
+                        </span>
+                    }
+                />
+            )}
             <Typography.Title level={5}>Personal Access Tokens</Typography.Title>
             <PersonTokenDescriptionText type="secondary">
                 Personal Access Tokens allow you to make programmatic requests to DataHub&apos;s APIs. They inherit your
diff --git a/datahub-web-react/src/appConfigContext.tsx b/datahub-web-react/src/appConfigContext.tsx
index 7e294dd38c..0c0b3bde62 100644
--- a/datahub-web-react/src/appConfigContext.tsx
+++ b/datahub-web-react/src/appConfigContext.tsx
@@ -22,6 +22,9 @@ export const DEFAULT_APP_CONFIG = {
     visualConfig: {
         logoUrl: undefined,
     },
+    authConfig: {
+        tokenAuthEnabled: false,
+    },
 };
 
 export const AppConfigContext = React.createContext<{
diff --git a/datahub-web-react/src/graphql/app.graphql b/datahub-web-react/src/graphql/app.graphql
index b36f163cf6..40f7cba9d6 100644
--- a/datahub-web-react/src/graphql/app.graphql
+++ b/datahub-web-react/src/graphql/app.graphql
@@ -22,6 +22,9 @@ query appConfig {
         analyticsConfig {
             enabled
         }
+        authConfig {
+            tokenAuthEnabled
+        }
         identityManagementConfig {
             enabled
         }
diff --git a/metadata-service/factories/src/main/java/com/linkedin/gms/factory/graphql/GraphQLEngineFactory.java b/metadata-service/factories/src/main/java/com/linkedin/gms/factory/graphql/GraphQLEngineFactory.java
index 6e67c3e8a5..6538f4af21 100644
--- a/metadata-service/factories/src/main/java/com/linkedin/gms/factory/graphql/GraphQLEngineFactory.java
+++ b/metadata-service/factories/src/main/java/com/linkedin/gms/factory/graphql/GraphQLEngineFactory.java
@@ -116,6 +116,7 @@ public class GraphQLEngineFactory {
           _entityRegistry,
           _secretService,
           _configProvider.getIngestion(),
+          _configProvider.getAuthentication(),
           _configProvider.getAuthorization(),
           _gitVersion,
           _graphService.supportsMultiHop(),
@@ -134,6 +135,7 @@ public class GraphQLEngineFactory {
         _entityRegistry,
         _secretService,
         _configProvider.getIngestion(),
+        _configProvider.getAuthentication(),
         _configProvider.getAuthorization(),
         _gitVersion,
         _graphService.supportsMultiHop(),