@3ebs  The "Insufficient Permissions Untrusted proxy CN=Node_name,OU=NIFI" shown in the webui when you try to login is not an error.  It is an authorization issue. It tells me that you have a multi-node NiFi cluster setup. You are accessing the UI of one of the NiFi cluster nodes where you are successfully authenticating your user resulting the a user identity of "AMOHAMED279".    At this point your user is only successfully authenticated to the one node.  What that node does next is to load the NiFi canvas.  In order to display that canvas, information that the user is authorized to see (PG, stats, etc) must be collected from all nodes.  That requets is forwarded to the elected cluster coordinator node which then replicates that request to all nodes to get those details.  So the node itself acts as a proxy in this process making these requests on the authenticated users behalf.   In order for this to be successful, the NiFi nodes in your cluster must be authorized to proxy user requests.  This message is telling you that one or more of your node identities has not been authorized to proxy user requests. To help here more, I would need to know what you have configured in the authorizers.xml for user identity authorization.  The most common NiFi cluster setup utilizes the standardManagedAuthorizer which calls the file-access-policy-provider (builds the authorizations.xml if it does not already exist) which call one of the user-group-providers (There are multiple options: Composite-Configurable-User-Group-Provider, Composite-User-group-Provider, Ldap-User-Group-Provider, File-User-Group-Provider, etc.).   The user-group-providers are responsible for generating user identities (case sensitive) for the purpose of setting up authorization policies.  The file-user-group-provider is most commonly used to add the node user identities  by creating the users.xml (if it does not already exist). So somewhere in your authorizers.xml setup, your node user identities have not been added and/or authorized for various policies to include the very important "proxy user requests" which would have been automatically handled on initial startup and first creation of the authorizations.xml and users.xml files assuming a proper setup in the authorizers.xml. Resources: Authorizer Configuration FileUserGroupProvider LdapUserGroupProvider Composite Implementations FileAccessPolicyProvider StandardManagedAuthorizer Configuring Users & Access Policies Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt   ... View more