diff --git a/app/credentials-management/doc/images/CredentialsManagement.png b/app/credentials-management/doc/images/CredentialsManagement.png
index 0828b9ec63..a76b53e6bd 100644
Binary files a/app/credentials-management/doc/images/CredentialsManagement.png and b/app/credentials-management/doc/images/CredentialsManagement.png differ
diff --git a/app/credentials-management/doc/images/CredentialsManagement_Empty.png b/app/credentials-management/doc/images/CredentialsManagement_Empty.png
deleted file mode 100644
index 1f36f43bc6..0000000000
Binary files a/app/credentials-management/doc/images/CredentialsManagement_Empty.png and /dev/null differ
diff --git a/app/credentials-management/doc/images/CredentialsManagement_empty.png b/app/credentials-management/doc/images/CredentialsManagement_empty.png
new file mode 100644
index 0000000000..9f5244c926
Binary files /dev/null and b/app/credentials-management/doc/images/CredentialsManagement_empty.png differ
diff --git a/app/credentials-management/doc/images/CredentialsManagement_one_failed.png b/app/credentials-management/doc/images/CredentialsManagement_one_failed.png
new file mode 100644
index 0000000000..5d61845fc0
Binary files /dev/null and b/app/credentials-management/doc/images/CredentialsManagement_one_failed.png differ
diff --git a/app/credentials-management/doc/index.rst b/app/credentials-management/doc/index.rst
index f18b4b9d4f..4236ea59bc 100644
--- a/app/credentials-management/doc/index.rst
+++ b/app/credentials-management/doc/index.rst
@@ -8,18 +8,25 @@ Further, Phoebus may be configured to store the credentials entered by the user
 In order to also support an explicit logout capability, the Credentials Management application offers means to
 remove stored credentials.
 
-In some cases an explicit login procedure can be useful, e.g. login to service for the purpose of storing
-user credentials and thereby support automated creation of logbook entries.
-
 The application is launched using the dedicated button in the (bottom) status bar.
 
-The below screen shot shows an example where credentials have been stored for the "logbook" scope,
-plus an option to login to the "<remote service>" scope. User may also choose to "logout" from all scopes,
+The below screen shot shows an example where credentials have been stored for the "Logbook" scope,
+plus an option to login to the "<remote service>" scope. User may also choose to "Logout from all" services,
 i.e. to remove all stored credentials.
 
 .. image:: images/CredentialsManagement.png
 
-If no credentials are stored in the credentials store, and if no services supporting authentication have been configured,
+If no credentials are stored in the credentials store, and if no services supporting authentication are available,
 the Credentials Management UI will show a static message:
 
-.. image:: images/CredentialsManagement_Empty.png
\ No newline at end of file
+.. image:: images/CredentialsManagement_empty.png
+
+The "Login To All" button can be used to login to all services as a single action.
+In this case credentials entered in the text fields of toolbar at the top are used for all services, irrespective of
+the credentials (if any) entered in other input fields.
+
+If login to a service fails (service off-line or invalid credentials), this is indicated in the "Login Result" column.
+
+.. image:: images/CredentialsManagement_one_failed.png
+
+If on the other hand login succeeds to a single or all services, the dialog is closed automatically.
\ No newline at end of file
diff --git a/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementController.java b/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementController.java
index 1aa73f5786..c00cfaa0b0 100644
--- a/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementController.java
+++ b/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementController.java
@@ -19,22 +19,32 @@
 package org.phoebus.applications.credentialsmanagement;
 
 import javafx.application.Platform;
+import javafx.beans.binding.Bindings;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
+import javafx.beans.property.SimpleIntegerProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.property.SimpleStringProperty;
+import javafx.beans.property.StringProperty;
 import javafx.collections.FXCollections;
 import javafx.collections.ObservableList;
 import javafx.event.ActionEvent;
 import javafx.fxml.FXML;
 import javafx.scene.Node;
 import javafx.scene.control.Button;
+import javafx.scene.control.Label;
 import javafx.scene.control.PasswordField;
 import javafx.scene.control.TableCell;
 import javafx.scene.control.TableColumn;
 import javafx.scene.control.TableView;
 import javafx.scene.control.TextField;
+import javafx.scene.control.Tooltip;
 import javafx.scene.input.KeyCode;
 import javafx.stage.Stage;
 import javafx.util.Callback;
 import org.phoebus.framework.jobs.JobManager;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.security.authorization.ServiceAuthenticationProvider;
 import org.phoebus.security.store.SecureStore;
 import org.phoebus.security.tokens.AuthenticationScope;
@@ -53,22 +63,40 @@
  */
 public class CredentialsManagementController {
 
+    @SuppressWarnings("unused")
     @FXML
     private Node parent;
 
+    @SuppressWarnings("unused")
     @FXML
     private TableView<ServiceItem> tableView;
+    @SuppressWarnings("unused")
     @FXML
-    private TableColumn<ServiceItem, Void> actionButtonColumn;
+    private TableColumn<ServiceItem, ServiceItem> actionButtonColumn;
+    @SuppressWarnings("unused")
     @FXML
-    private TableColumn<ServiceItem, String> usernameColumn;
+    private TableColumn<ServiceItem, StringProperty> usernameColumn;
+    @SuppressWarnings("unused")
     @FXML
-    private TableColumn<ServiceItem, String> passwordColumn;
+    private TableColumn<ServiceItem, StringProperty> passwordColumn;
+    @SuppressWarnings("unused")
     @FXML
-    private Button clearAllCredentialsButton;
-
+    private TableColumn<ServiceItem, StringProperty> loginResultColumn;
+    @SuppressWarnings("unused")
+    @FXML
+    private Button loginToAllButton;
+    @SuppressWarnings("unused")
+    @FXML
+    private Button logoutFromAllButton;
+    @SuppressWarnings("unused")
     @FXML
-    private TableColumn scopeColumn;
+    private TextField loginToAllUsernameTextField;
+    @SuppressWarnings("unused")
+    @FXML
+    private PasswordField loginToAllPasswordTextField;
+    @SuppressWarnings("unused")
+    @FXML
+    private TableColumn<ServiceItem, String> scopeColumn;
 
     private final SimpleBooleanProperty listEmpty = new SimpleBooleanProperty(true);
     private final ObservableList<ServiceItem> serviceItems =
@@ -76,102 +104,156 @@ public class CredentialsManagementController {
     private final SecureStore secureStore;
     private static final Logger LOGGER = Logger.getLogger(CredentialsManagementController.class.getName());
     private final List<ServiceAuthenticationProvider> authenticationProviders;
+    private final StringProperty loginToAllUsernameProperty = new SimpleStringProperty();
+    private final StringProperty loginToAllPasswordProperty = new SimpleStringProperty();
+    private final IntegerProperty providerCount = new SimpleIntegerProperty(0);
+
+    /**
+     * <code>true</code> if user is logged in to at least one service (scope).
+     */
+    private final IntegerProperty loggedInCount = new SimpleIntegerProperty(0);
 
     private Stage stage;
 
     public CredentialsManagementController(List<ServiceAuthenticationProvider> authenticationProviders, SecureStore secureStore) {
         this.authenticationProviders = authenticationProviders;
         this.secureStore = secureStore;
+        providerCount.set(this.authenticationProviders.size());
     }
 
+    @SuppressWarnings("unused")
     @FXML
     public void initialize() {
 
-        tableView.setColumnResizePolicy(TableView.CONSTRAINED_RESIZE_POLICY);
-        clearAllCredentialsButton.disableProperty().bind(listEmpty);
-        Callback<TableColumn<ServiceItem, Void>, TableCell<ServiceItem, Void>> actionColumnCellFactory = new Callback<>() {
+        tableView.setSelectionModel(null);
+        tableView.getStylesheets().add(getClass().getResource("/css/credentials-management-style.css").toExternalForm());
+
+        usernameColumn.setCellFactory(c -> new UsernameTableCell());
+        passwordColumn.setCellFactory(c -> new PasswordTableCell());
+        loginResultColumn.setCellFactory(c -> new LoginResultTableCell());
+
+        loginToAllUsernameTextField.visibleProperty().bind(Bindings.createBooleanBinding(() -> providerCount.get() > 1, providerCount));
+        loginToAllPasswordTextField.visibleProperty().bind(Bindings.createBooleanBinding(() -> providerCount.get() > 1, providerCount));
+        loginToAllUsernameTextField.textProperty().bindBidirectional(loginToAllUsernameProperty);
+        loginToAllPasswordTextField.textProperty().bindBidirectional(loginToAllPasswordProperty);
+
+        loginToAllButton.visibleProperty().bind(Bindings.createBooleanBinding(() -> providerCount.get() > 1, providerCount));
+        // Login to all button enabled only if non-empty username and password is present
+        loginToAllButton.disableProperty().bind(Bindings.createBooleanBinding(() -> loginToAllUsernameProperty.get() == null ||
+                        loginToAllUsernameProperty.get().isEmpty() ||
+                        loginToAllPasswordProperty.get() == null ||
+                        loginToAllPasswordProperty.get().isEmpty(),
+                loginToAllUsernameProperty, loginToAllPasswordProperty));
+
+        logoutFromAllButton.disableProperty().bind(Bindings.createBooleanBinding(() -> loggedInCount.get() == 0, loggedInCount));
+        actionButtonColumn.setCellValueFactory(param -> new SimpleObjectProperty<>(param.getValue()));
+
+        configureCellFactory();
+
+        updateTable();
+
+        // Don't want focus on the username field for "login to all" as that obscures the prompt.
+        // Let table request focus.
+        Platform.runLater(() -> tableView.requestFocus());
+
+    }
+
+    private void configureCellFactory() {
+        Callback<TableColumn<ServiceItem, ServiceItem>, TableCell<ServiceItem, ServiceItem>> actionColumnCellFactory = new Callback<>() {
             @Override
-            public TableCell<ServiceItem, Void> call(final TableColumn<ServiceItem, Void> param) {
-                final TableCell<ServiceItem, Void> cell = new TableCell<>() {
+            public TableCell<ServiceItem, ServiceItem> call(final TableColumn<ServiceItem, ServiceItem> param) {
+                return new TableCell<>() {
 
                     private final Button btn = new Button(Messages.LogoutButtonText);
+
                     {
                         btn.getStyleClass().add("button-style");
                         btn.setOnAction((ActionEvent event) -> {
-                            ServiceItem serviceItem = getTableView().getItems().get(getIndex());
-                            if(serviceItem.isLoginAction()){
-                                login(serviceItem);
-                            }
-                            else{
-                                logOut(serviceItem.getAuthenticationScope());
+                            ServiceItem serviceItem = getTableRow().getItem();
+                            if (serviceItem != null && (serviceItem.authenticationStatus.get().equals(AuthenticationStatus.AUTHENTICATED) ||
+                                    serviceItem.authenticationStatus.get().equals(AuthenticationStatus.CACHED))) {
+                                logOut(serviceItem);
+                            } else {
+                                login(serviceItem, 1);
                             }
                         });
                     }
 
                     @Override
-                    public void updateItem(Void o, boolean empty) {
-                        super.updateItem(o, empty);
+                    public void updateItem(ServiceItem serviceItem, boolean empty) {
+                        super.updateItem(serviceItem, empty);
                         if (empty) {
                             setGraphic(null);
                         } else {
-                            if(getTableRow() != null && getTableRow().getItem() != null){
-                                btn.setText(getTableRow().getItem().loginAction ?
-                                        Messages.LoginButtonText : Messages.LogoutButtonText);
-                            }
+                            btn.textProperty().bind(serviceItem.buttonTextProperty);
+                            btn.disableProperty().bind(Bindings.createBooleanBinding(() ->
+                                            serviceItem.username.isNull().get() || serviceItem.username.get().isEmpty() ||
+                                                    serviceItem.password.isNull().get() || serviceItem.password.get().isEmpty(),
+                                    serviceItem.username, serviceItem.password));
                             setGraphic(btn);
                         }
                     }
                 };
-                return cell;
             }
         };
         actionButtonColumn.setCellFactory(actionColumnCellFactory);
-        usernameColumn.setCellFactory(c -> new UsernameTableCell());
-        passwordColumn.setCellFactory(c -> new PasswordTableCell());
-
-        updateTable();
     }
 
+    @SuppressWarnings("unused")
     @FXML
-    public void logOutFromAll() {
+    public synchronized void logoutFromAll() {
         try {
-            secureStore.deleteAllScopedAuthenticationTokens();
-            updateTable();
+            tableView.getItems().forEach(s -> logOut(s));
         } catch (Exception e) {
             LOGGER.log(Level.WARNING, "Failed to delete all authentication tokens from key store", e);
             ExceptionDetailsErrorDialog.openError(parent, Messages.ErrorDialogTitle, Messages.ErrorDialogBody, e);
         }
     }
 
+    @SuppressWarnings("unused")
+    @FXML
+    public synchronized void loginToAll() {
+        logoutFromAll();
+        try {
+            for (ServiceItem serviceItem : tableView.getItems()) {
+                serviceItem.username.set(loginToAllUsernameProperty.get());
+                serviceItem.password.set(loginToAllPasswordProperty.get());
+                login(serviceItem, tableView.getItems().size());
+            }
+            if (loggedInCount.get() == tableView.getItems().size()) {
+                stage.close();
+            }
+        } catch (Exception e) {
+            LOGGER.log(Level.WARNING, "Failed to login to all services", e);
+        }
+    }
+
     /**
-     * Attempts to sign in user based on provided credentials. If sign-in succeeds, this method will close the
-     * associated UI.
+     * Attempts to sign in user based on provided credentials.
+     *
      * @param serviceItem The {@link ServiceItem} defining the scope, and implicitly the authentication service.
+     * @return <code>true</code> if login succeeds.
      */
-    private void login(ServiceItem serviceItem){
-        try {
-            serviceItem.getServiceAuthenticationProvider().authenticate(serviceItem.getUsername(), serviceItem.getPassword());
-            try {
-                secureStore.setScopedAuthentication(new ScopedAuthenticationToken(serviceItem.getAuthenticationScope(),
-                        serviceItem.getUsername(),
-                        serviceItem.getPassword()));
+    private synchronized void login(ServiceItem serviceItem, int expectedLoginCount) {
+        AuthenticationStatus authenticationResult = serviceItem.login();
+        if (authenticationResult.equals(AuthenticationStatus.AUTHENTICATED)) {
+            loggedInCount.set(loggedInCount.get() + 1);
+            if (expectedLoginCount == loggedInCount.get()) {
                 stage.close();
-            } catch (Exception exception) {
-                LOGGER.log(Level.WARNING, "Failed to store credentials", exception);
             }
-        } catch (Exception exception) {
-            LOGGER.log(Level.WARNING, "Failed to login to service", exception);
-            ExceptionDetailsErrorDialog.openError(parent, "Login Failure", "Failed to login to service", exception);
         }
     }
 
-    private void logOut(AuthenticationScope scope) {
-        try {
-            secureStore.deleteScopedAuthenticationToken(scope);
-            updateTable();
-        } catch (Exception e) {
-            LOGGER.log(Level.WARNING, "Failed to logout from scope " + scope, e);
-            ExceptionDetailsErrorDialog.openError(parent, Messages.ErrorDialogTitle, Messages.ErrorDialogBody, e);
+    private synchronized void logOut(ServiceItem serviceItem) {
+        if (serviceItem.authenticationStatus.get().equals(AuthenticationStatus.AUTHENTICATED)
+                || serviceItem.authenticationStatus.get().equals(AuthenticationStatus.CACHED)) {
+            try {
+                serviceItem.logout();
+                loggedInCount.set(loggedInCount.get() - 1);
+                Platform.runLater(() -> tableView.requestFocus());
+            } catch (Exception e) {
+                LOGGER.log(Level.WARNING, "Failed to logout from service " + serviceItem.getDisplayName(), e);
+            }
         }
     }
 
@@ -181,19 +263,21 @@ private void updateTable() {
             // Match saved tokens with an authentication provider, where applicable
             List<ServiceItem> serviceItems = savedTokens.stream().map(token -> {
                 ServiceAuthenticationProvider provider =
-                        authenticationProviders.stream().filter(p-> p.getAuthenticationScope().equals(token.getAuthenticationScope())).findFirst().orElse(null);
-                return new ServiceItem(provider, token.getUsername(), token.getPassword());
+                        authenticationProviders.stream().filter(p -> p.getAuthenticationScope().getScope().equals(token.getAuthenticationScope().getScope())).findFirst().orElse(null);
+                loggedInCount.set(loggedInCount.get() + 1);
+                return new ServiceItem(provider, AuthenticationStatus.CACHED, token.getUsername(), token.getPassword());
             }).collect(Collectors.toList());
             // Also need to add ServiceItems for providers not matched with a saved token, i.e. for logged-out services
             authenticationProviders.forEach(p -> {
                 Optional<ServiceItem> serviceItem =
                         serviceItems.stream().filter(si ->
-                                p.getAuthenticationScope().equals(si.getAuthenticationScope())).findFirst();
-                if(serviceItem.isEmpty()){
-                    serviceItems.add(new ServiceItem(p));
+                                p.getAuthenticationScope().getScope().equals(si.getAuthenticationScope().getScope())).findFirst();
+                if (serviceItem.isEmpty()) {
+                    serviceItems.add(new ServiceItem(p, AuthenticationStatus.UNDETERMINED, null, null));
                 }
             });
-            serviceItems.sort(Comparator.comparing(ServiceItem::getAuthenticationScope));
+            serviceItems.sort(Comparator.comparing(i -> i.getAuthenticationScope().getDisplayName()));
+
             Platform.runLater(() -> {
                 this.serviceItems.setAll(serviceItems);
                 listEmpty.set(savedTokens.isEmpty());
@@ -205,29 +289,56 @@ private void updateTable() {
     /**
      * Model class for the table view
      */
-    public static class ServiceItem {
+    public class ServiceItem {
         private final ServiceAuthenticationProvider serviceAuthenticationProvider;
-        private String username;
-        private String password;
-        private boolean loginAction = false;
-
-        public ServiceItem(ServiceAuthenticationProvider serviceAuthenticationProvider, String username, String password) {
-            this.serviceAuthenticationProvider = serviceAuthenticationProvider;
-            this.username = username;
-            this.password = password;
-        }
-
-        public ServiceItem(ServiceAuthenticationProvider serviceAuthenticationProvider) {
+        private final StringProperty username = new SimpleStringProperty();
+        private final StringProperty password = new SimpleStringProperty();
+        private final StringProperty buttonTextProperty = new SimpleStringProperty();
+        private final StringProperty loginResultMessage = new SimpleStringProperty();
+        private final ObjectProperty<AuthenticationStatus> authenticationStatus = new SimpleObjectProperty<>();
+
+        public ServiceItem(ServiceAuthenticationProvider serviceAuthenticationProvider, AuthenticationStatus authenticationResult, String username, String password) {
+            setupChangeListeners();
             this.serviceAuthenticationProvider = serviceAuthenticationProvider;
-            loginAction = true;
+            this.username.set(username);
+            this.password.set(password);
+            this.authenticationStatus.set(authenticationResult);
         }
 
-        public String getUsername() {
-            return username;
+        private void setupChangeListeners() {
+            this.authenticationStatus.addListener((obs, o, n) -> {
+                switch (n) {
+                    case UNDETERMINED -> {
+                        loginResultMessage.set(null);
+                        buttonTextProperty.set(Messages.LoginButtonText);
+                    }
+                    case CACHED -> {
+                        loginResultMessage.set(null);
+                        buttonTextProperty.set(Messages.LogoutButtonText);
+                    }
+                    case AUTHENTICATED -> {
+                        loginResultMessage.set("OK");
+                        buttonTextProperty.set(Messages.LogoutButtonText);
+                    }
+                    case BAD_CREDENTIALS -> {
+                        loginResultMessage.set(Messages.UserNotAuthenticated);
+                        buttonTextProperty.set(Messages.LoginButtonText);
+                    }
+                    case SERVICE_OFFLINE -> {
+                        loginResultMessage.set(Messages.ServiceConnectionFailure);
+                        buttonTextProperty.set(Messages.LoginButtonText);
+                    }
+                    case UNKNOWN_ERROR -> {
+                        loginResultMessage.set(Messages.UnknownError);
+                        buttonTextProperty.set(Messages.LoginButtonText);
+                    }
+                }
+            });
         }
 
-        public void setUsername(String username){
-            this.username = username;
+        @SuppressWarnings("unused")
+        public StringProperty getLoginResultMessage() {
+            return loginResultMessage;
         }
 
         public AuthenticationScope getAuthenticationScope() {
@@ -239,79 +350,103 @@ public AuthenticationScope getAuthenticationScope() {
          * @return String representation of the authentication scope.
          */
         @SuppressWarnings("unused")
-        public String getScope(){
+        public String getScope() {
             return serviceAuthenticationProvider != null ?
-                    serviceAuthenticationProvider.getAuthenticationScope().getName() : "";
+                    serviceAuthenticationProvider.getAuthenticationScope().getScope() : "";
         }
 
-        public String getPassword(){
-            return password;
+        @SuppressWarnings("unused")
+        public String getDisplayName() {
+            return serviceAuthenticationProvider != null ?
+                    serviceAuthenticationProvider.getAuthenticationScope().getDisplayName() : "";
         }
 
-        public void setPassword(String password){
-            this.password = password;
+        @SuppressWarnings("unused")
+        public StringProperty getUsername(){
+            return username;
         }
 
-        public ServiceAuthenticationProvider getServiceAuthenticationProvider() {
-            return serviceAuthenticationProvider;
+        @SuppressWarnings("unused")
+        public StringProperty getPassword(){
+            return password;
         }
 
-        public boolean isLoginAction(){
-            return loginAction;
+        public void logout() {
+            serviceAuthenticationProvider.logout();
+            authenticationStatus.set(AuthenticationStatus.UNDETERMINED);
+            username.set(null);
+            password.set(null);
         }
-    }
-    private class UsernameTableCell extends TableCell<ServiceItem, String>{
-        private final TextField textField = new TextField();
 
-        public UsernameTableCell(){
-            textField.getStyleClass().add("text-field-styling");
-            // Update model on key up
-            textField.setOnKeyReleased(ke -> getTableRow().getItem().setUsername(textField.getText()));
+        public AuthenticationStatus login() {
+            AuthenticationStatus authenticationStatus = serviceAuthenticationProvider.authenticate(username.get(), password.get());
+            if (authenticationStatus.equals(AuthenticationStatus.AUTHENTICATED)) {
+                try {
+                    secureStore.setScopedAuthentication(new ScopedAuthenticationToken(getAuthenticationScope(),
+                            username.get(),
+                            password.get()));
+                } catch (Exception e) {
+                    LOGGER.log(Level.WARNING, "Failed to store user credentials");
+                }
+            }
+            this.authenticationStatus.set(authenticationStatus);
+            return authenticationStatus;
         }
+    }
+
+    private class UsernameTableCell extends TableCell<ServiceItem, StringProperty> {
 
         @Override
-        protected void updateItem(String item, final boolean empty)
-        {
+        public void updateItem(StringProperty item, final boolean empty) {
             super.updateItem(item, empty);
-            if(empty){
+            if (empty) {
                 setGraphic(null);
-            }
-            else{
-                textField.setText(item);
-                if(getTableRow() != null && getTableRow().getItem() != null){
-                    // Disable field if user is logged in.
-                    textField.disableProperty().set(!getTableRow().getItem().loginAction);
-                }
+            } else {
+                ServiceItem serviceItem = getTableRow().getItem();
+                TextField textField = new TextField();
+                textField.getStyleClass().add("text-field-styling");
+                textField.textProperty().bindBidirectional(serviceItem.username);
+                textField.disableProperty().bind(Bindings.createBooleanBinding(() -> serviceItem.authenticationStatus.get().equals(AuthenticationStatus.AUTHENTICATED),
+                        serviceItem.authenticationStatus));
+                textField.setOnKeyPressed(keyEvent -> {
+                    if (keyEvent.getCode() == KeyCode.ENTER &&
+                            !serviceItem.username.isNull().get() &&
+                            !serviceItem.username.get().isEmpty() &&
+                            !serviceItem.password.isNull().get() &&
+                            !serviceItem.password.get().isEmpty()) {
+                        CredentialsManagementController.this.login(serviceItem, 1);
+                    }
+                });
                 setGraphic(textField);
             }
         }
     }
 
-    private class PasswordTableCell extends TableCell<ServiceItem, String>{
-        private final PasswordField passwordField = new PasswordField();
-
-        public PasswordTableCell(){
-            passwordField.getStyleClass().add("text-field-styling");
-            // Update model on key up
-            passwordField.setOnKeyReleased(ke -> getTableRow().getItem().setPassword(passwordField.getText()));
-        }
+    private class PasswordTableCell extends TableCell<ServiceItem, StringProperty> {
 
         @Override
-        protected void updateItem(String item, final boolean empty)
-        {
+        protected void updateItem(StringProperty item, final boolean empty) {
             super.updateItem(item, empty);
-            if(empty){
+            if (empty) {
                 setGraphic(null);
-            }
-            else{
-                passwordField.setText(item == null ? item : "dummypass"); // Hack to not reveal password length
-                if(getTableRow() != null && getTableRow().getItem() != null) {
-                    // Disable field if user is logged in.
-                    passwordField.disableProperty().set(!getTableRow().getItem().loginAction);
-                }
+            } else {
+                PasswordField passwordField = new PasswordField();
+                passwordField.getStyleClass().add("text-field-styling");
+                ServiceItem serviceItem = getTableRow().getItem();
+                passwordField.textProperty().bindBidirectional(serviceItem.password);
+                passwordField.disableProperty().bind(Bindings.createBooleanBinding(() ->
+                                serviceItem.authenticationStatus.get().equals(AuthenticationStatus.AUTHENTICATED) || serviceItem.authenticationStatus.get().equals(AuthenticationStatus.CACHED),
+                        serviceItem.authenticationStatus));
+                serviceItem.password.set(serviceItem.authenticationStatus.get().equals(AuthenticationStatus.AUTHENTICATED) || serviceItem.authenticationStatus.get().equals(AuthenticationStatus.CACHED)
+                        ? "dummypass" : null); // Hack to not reveal password length
+
                 passwordField.setOnKeyPressed(keyEvent -> {
-                    if (keyEvent.getCode() == KeyCode.ENTER) {
-                        CredentialsManagementController.this.login(getTableRow().getItem());
+                    if (keyEvent.getCode() == KeyCode.ENTER &&
+                            !serviceItem.username.isNull().get() &&
+                            !serviceItem.username.get().isEmpty() &&
+                            !serviceItem.password.isNull().get() &&
+                            !serviceItem.password.get().isEmpty()) {
+                        CredentialsManagementController.this.login(serviceItem, 1);
                     }
                 });
                 setGraphic(passwordField);
@@ -319,7 +454,30 @@ protected void updateItem(String item, final boolean empty)
         }
     }
 
-    public void setStage(Stage stage){
+    private static class LoginResultTableCell extends TableCell<ServiceItem, StringProperty> {
+
+        @Override
+        protected void updateItem(StringProperty item, final boolean empty) {
+            super.updateItem(item, empty);
+            if (empty) {
+                setGraphic(null);
+            } else {
+                ServiceItem serviceItem = getTableRow().getItem();
+                Label label = new Label();
+                label.textProperty().bind(serviceItem.loginResultMessage);
+                serviceItem.authenticationStatus.addListener((obs, o, n) -> {
+                    switch (n){
+                        case CACHED, AUTHENTICATED -> label.getStyleClass().remove("error");
+                        default -> label.getStyleClass().add("error");
+                    }
+                    label.setTooltip(new Tooltip(serviceItem.loginResultMessage.get()));
+                });
+                setGraphic(label);
+            }
+        }
+    }
+
+    public void setStage(Stage stage) {
         this.stage = stage;
     }
 }
diff --git a/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementStage.java b/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementStage.java
index ef51b00f04..42548efe60 100644
--- a/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementStage.java
+++ b/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementStage.java
@@ -61,7 +61,6 @@ public CredentialsManagementStage(List<ServiceAuthenticationProvider> authentica
         try {
             fxmlLoader.load();
             Scene scene = new Scene(fxmlLoader.getRoot());
-            scene.getStylesheets().add(getClass().getResource("/css/credentials-management-style.css").toExternalForm());
             setTitle(Messages.Title);
             setScene(scene);
         } catch (Exception exception) {
diff --git a/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/Messages.java b/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/Messages.java
index ac40d99da5..7cc77f4fc7 100644
--- a/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/Messages.java
+++ b/app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/Messages.java
@@ -30,6 +30,9 @@ public class Messages {
     public static String SecureStoreErrorTitle;
     public static String SecureStoreErrorBody;
     public static String Title;
+    public static String ServiceConnectionFailure;
+    public static String UnknownError;
+    public static String UserNotAuthenticated;
 
     static
     {
diff --git a/app/credentials-management/src/main/resources/css/credentials-management-style.css b/app/credentials-management/src/main/resources/css/credentials-management-style.css
index 5f318d1728..78412d657e 100644
--- a/app/credentials-management/src/main/resources/css/credentials-management-style.css
+++ b/app/credentials-management/src/main/resources/css/credentials-management-style.css
@@ -1,20 +1,27 @@
 .text-field-styling{
      -fx-padding: 5px 3px 3px 3px;
-     -fx-border-insets: 5px 3px 3px 3px;
+     -fx-border-insets: 5px 3px 3px 2px;
      -fx-background-insets: 5px 3px 3px 3px;
      -fx-border-color: #cdcdcd;
      -fx-border-radius: 3px;
 }
 
 .table-view .table-column{
-    -fx-alignment:center;
+    -fx-alignment:CENTER;
 }
 
-.table-view .table-cell{
-    -fx-font-weight: bold;
+.table-view .column-header > .label{
+    -fx-alignment: CENTER-LEFT;
     -fx-font-size: 14px;
+    -fx-padding: 5px 3px 3px 3px;
 }
 
 .button-style{
     -fx-pref-width: 100px;
 }
+
+.error{
+    -fx-text-fill: red;
+}
+
+
diff --git a/app/credentials-management/src/main/resources/org/phoebus/applications/credentialsmanagement/CredentialsManagement.fxml b/app/credentials-management/src/main/resources/org/phoebus/applications/credentialsmanagement/CredentialsManagement.fxml
index 3c78f63e53..ec66f94297 100644
--- a/app/credentials-management/src/main/resources/org/phoebus/applications/credentialsmanagement/CredentialsManagement.fxml
+++ b/app/credentials-management/src/main/resources/org/phoebus/applications/credentialsmanagement/CredentialsManagement.fxml
@@ -22,15 +22,15 @@
 <?import javafx.scene.control.cell.*?>
 <?import javafx.scene.layout.*?>
 
-<BorderPane id="parent" fx:id="parent" prefHeight="400.0" prefWidth="600.0" xmlns="http://javafx.com/javafx/11.0.1" xmlns:fx="http://javafx.com/fxml/1" fx:controller="org.phoebus.applications.credentialsmanagement.CredentialsManagementController">
+<BorderPane id="parent" fx:id="parent" prefHeight="400.0" prefWidth="1000.0" xmlns="http://javafx.com/javafx/17.0.12" xmlns:fx="http://javafx.com/fxml/1" fx:controller="org.phoebus.applications.credentialsmanagement.CredentialsManagementController">
     <top>
-        <ToolBar prefHeight="40.0" prefWidth="200.0" BorderPane.alignment="CENTER">
+        <ToolBar prefHeight="40.0" BorderPane.alignment="CENTER">
             <items>
-                <Button fx:id="clearAllCredentialsButton" mnemonicParsing="false" onAction="#logOutFromAll" text="%LogOutFromAll">
-                    <tooltip>
-                        <Tooltip text="%ClearAllCredentials" />
-                    </tooltip>
-                </Button>
+                <TextField fx:id="loginToAllUsernameTextField" promptText="%Username" />
+                <PasswordField fx:id="loginToAllPasswordTextField" promptText="%Password" />
+                <Button fx:id="loginToAllButton" mnemonicParsing="false" onAction="#loginToAll" prefWidth="120.0" text="%LoginToAll" />
+                <Label maxWidth="1.7976931348623157E308" HBox.hgrow="ALWAYS" />
+                <Button fx:id="logoutFromAllButton" mnemonicParsing="false" onAction="#logoutFromAll" prefWidth="120.0" text="%LogoutFromAll" />
             </items>
         </ToolBar>
     </top>
@@ -40,23 +40,31 @@
                 <Label text="%NoCredentialsFound" />
             </placeholder>
             <columns>
-                <TableColumn fx:id="scopeColumn" prefWidth="${parent.width * 0.2}" text="%Scope">
+                <TableColumn fx:id="scopeColumn" style="-fx-alignment: CENTER-LEFT;" text="%Scope">
                     <cellValueFactory>
-                        <PropertyValueFactory property="scope" />
+                        <PropertyValueFactory property="displayName" />
                     </cellValueFactory>
                 </TableColumn>
-                <TableColumn fx:id="usernameColumn" editable="true" prefWidth="${parent.width * 0.3}" text="%UserName">
+                <TableColumn fx:id="usernameColumn" editable="true" prefWidth="110.0" text="%Username">
                     <cellValueFactory>
                         <PropertyValueFactory property="username" />
                     </cellValueFactory>
                 </TableColumn>
-                <TableColumn fx:id="passwordColumn" editable="true" prefWidth="${parent.width * 0.3}" text="%Password">
+                <TableColumn fx:id="passwordColumn" editable="true" prefWidth="110.0" text="%Password">
                     <cellValueFactory>
                         <PropertyValueFactory property="password" />
                     </cellValueFactory>
                 </TableColumn>
-                <TableColumn fx:id="actionButtonColumn" prefWidth="${parent.width * 0.2}" />
+                <TableColumn fx:id="actionButtonColumn" prefWidth="70.0" />
+                <TableColumn fx:id="loginResultColumn" editable="false" prefWidth="150.0" style="-fx-alignment: CENTER-LEFT;" text="%LoginResult">
+                    <cellValueFactory>
+                        <PropertyValueFactory property="loginResultMessage" />
+                    </cellValueFactory>
+                </TableColumn>
             </columns>
+         <columnResizePolicy>
+            <TableView fx:constant="CONSTRAINED_RESIZE_POLICY" />
+         </columnResizePolicy>
         </TableView>
     </center>
 </BorderPane>
diff --git a/app/credentials-management/src/main/resources/org/phoebus/applications/credentialsmanagement/messages.properties b/app/credentials-management/src/main/resources/org/phoebus/applications/credentialsmanagement/messages.properties
index a60a9e2818..7d7b595e55 100644
--- a/app/credentials-management/src/main/resources/org/phoebus/applications/credentialsmanagement/messages.properties
+++ b/app/credentials-management/src/main/resources/org/phoebus/applications/credentialsmanagement/messages.properties
@@ -22,11 +22,16 @@ ErrorDialogTitle=Operation Failed
 ErrorDialogBody=Logout failed!
 LoginButtonText=Login
 LogoutButtonText=Logout
-LogOutFromAll=Logout From All
+LoginResult=Login Result
+LoginToAll=Login To All
+LogoutFromAll=Logout From All
 NoCredentialsFound=No saved credentials and no service authentication providers configured
 Password=Password
-Scope=Scope
+Scope=Service
 SecureStoreErrorTitle=Application Launch Failed
 SecureStoreErrorBody=Failed to instantiate the secure store
+ServiceConnectionFailure=Unable to connect to service
 Title=Credentials Management
-UserName=User Name
\ No newline at end of file
+UnkownError=Unknown error
+Username=Username
+UserNotAuthenticated=User not authenticated
\ No newline at end of file
diff --git a/app/logbook/olog/client-es/src/main/java/org/phoebus/applications/logbook/authentication/OlogAuthenticationScope.java b/app/logbook/olog/client-es/src/main/java/org/phoebus/applications/logbook/authentication/OlogAuthenticationScope.java
new file mode 100644
index 0000000000..224361e498
--- /dev/null
+++ b/app/logbook/olog/client-es/src/main/java/org/phoebus/applications/logbook/authentication/OlogAuthenticationScope.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2025 European Spallation Source ERIC.
+ */
+
+package org.phoebus.applications.logbook.authentication;
+
+import org.phoebus.security.tokens.AuthenticationScope;
+
+public class OlogAuthenticationScope implements AuthenticationScope {
+
+    @Override
+    public String getScope() {
+        return "logbook";
+    }
+
+    @Override
+    public String getDisplayName() {
+        return "Logbook";
+    }
+}
diff --git a/app/logbook/olog/client-es/src/main/java/org/phoebus/applications/logbook/authentication/OlogServiceAuthenticationProvider.java b/app/logbook/olog/client-es/src/main/java/org/phoebus/applications/logbook/authentication/OlogServiceAuthenticationProvider.java
index 4332b5ebbd..e29a8da24c 100644
--- a/app/logbook/olog/client-es/src/main/java/org/phoebus/applications/logbook/authentication/OlogServiceAuthenticationProvider.java
+++ b/app/logbook/olog/client-es/src/main/java/org/phoebus/applications/logbook/authentication/OlogServiceAuthenticationProvider.java
@@ -19,32 +19,25 @@
 package org.phoebus.applications.logbook.authentication;
 
 import org.phoebus.olog.es.api.OlogHttpClient;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.security.authorization.ServiceAuthenticationProvider;
 import org.phoebus.security.tokens.AuthenticationScope;
 
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
 public class OlogServiceAuthenticationProvider implements ServiceAuthenticationProvider {
 
-    @Override
-    public void authenticate(String username, String password){
-        try {
-            OlogHttpClient.builder().build().authenticate(username, password);
-        } catch (Exception e) {
-            Logger.getLogger(OlogServiceAuthenticationProvider.class.getName())
-                    .log(Level.WARNING, "Failed to authenticate user " + username + " with logbook service", e);
-            throw new RuntimeException(e);
-        }
+    private final AuthenticationScope ologAuthenticationScope;
+
+    public OlogServiceAuthenticationProvider() {
+        ologAuthenticationScope = new OlogAuthenticationScope();
     }
 
     @Override
-    public void logout(String token) {
-        // Not implemented for Olog. Yet?
+    public AuthenticationStatus authenticate(String username, String password) {
+        return OlogHttpClient.builder().build().authenticate(username, password);
     }
 
     @Override
     public AuthenticationScope getAuthenticationScope() {
-        return AuthenticationScope.LOGBOOK;
+        return ologAuthenticationScope;
     }
 }
diff --git a/app/logbook/olog/client-es/src/main/java/org/phoebus/olog/es/api/OlogHttpClient.java b/app/logbook/olog/client-es/src/main/java/org/phoebus/olog/es/api/OlogHttpClient.java
index 5a82c242e0..f9a2787836 100644
--- a/app/logbook/olog/client-es/src/main/java/org/phoebus/olog/es/api/OlogHttpClient.java
+++ b/app/logbook/olog/client-es/src/main/java/org/phoebus/olog/es/api/OlogHttpClient.java
@@ -9,6 +9,7 @@
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import org.phoebus.applications.logbook.authentication.OlogAuthenticationScope;
 import org.phoebus.logbook.Attachment;
 import org.phoebus.logbook.LogClient;
 import org.phoebus.logbook.LogEntry;
@@ -25,8 +26,8 @@
 import org.phoebus.olog.es.api.model.OlogObjectMappers;
 import org.phoebus.olog.es.api.model.OlogSearchResult;
 import org.phoebus.olog.es.authentication.LoginCredentials;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.security.store.SecureStore;
-import org.phoebus.security.tokens.AuthenticationScope;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
 import org.phoebus.util.http.HttpRequestMultipartBody;
 import org.phoebus.util.http.QueryParamsHelper;
@@ -34,6 +35,7 @@
 import javax.ws.rs.core.MultivaluedHashMap;
 import javax.ws.rs.core.MultivaluedMap;
 import java.io.InputStream;
+import java.net.ConnectException;
 import java.net.CookieManager;
 import java.net.CookiePolicy;
 import java.net.URI;
@@ -112,7 +114,7 @@ public OlogHttpClient build() {
         private ScopedAuthenticationToken getCredentialsFromSecureStore() {
             try {
                 SecureStore secureStore = new SecureStore();
-                return secureStore.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+                return secureStore.getScopedAuthenticationToken(new OlogAuthenticationScope());
             } catch (Exception e) {
                 Logger.getLogger(OlogHttpClient.class.getName()).log(Level.WARNING, "Unable to instantiate SecureStore", e);
                 return null;
@@ -128,14 +130,13 @@ public static Builder builder() {
      * Disallow instantiation.
      */
     private OlogHttpClient(String userName, String password) {
-        if(Preferences.connectTimeout > 0){
+        if (Preferences.connectTimeout > 0) {
             httpClient = HttpClient.newBuilder()
                     .cookieHandler(new CookieManager(null, CookiePolicy.ACCEPT_ALL))
                     .followRedirects(HttpClient.Redirect.ALWAYS)
                     .connectTimeout(Duration.ofMillis(Preferences.connectTimeout))
                     .build();
-        }
-        else{
+        } else {
             httpClient = HttpClient.newBuilder()
                     .cookieHandler(new CookieManager(null, CookiePolicy.ACCEPT_ALL))
                     .followRedirects(HttpClient.Redirect.ALWAYS)
@@ -358,23 +359,30 @@ public void groupLogEntries(List<Long> logEntryIds) throws LogbookException {
      *
      * @param userName Username, must not be <code>null</code>.
      * @param password Password, must not be <code>null</code>.
-     * @throws Exception if the login fails, e.g. bad credentials or service off-line.
+     * @return An {@link AuthenticationStatus} to indicate the outcome of the login attempt.
      */
-    public void authenticate(String userName, String password) throws Exception {
-
+    public AuthenticationStatus authenticate(String userName, String password) {
         String stringBuilder = Preferences.olog_url +
                 "/login";
-        HttpRequest request = HttpRequest.newBuilder()
-                .uri(URI.create(stringBuilder))
-                .header("Content-Type", CONTENT_TYPE_JSON)
-                .POST(HttpRequest.BodyPublishers.ofString(OBJECT_MAPPER.writeValueAsString(new LoginCredentials(userName, password))))
-                .build();
-        HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
-        if (response.statusCode() == 401) {
-            throw new Exception("Failed to login: user unauthorized");
-        } else if (response.statusCode() != 200) {
-            throw new Exception("Failed to login, got HTTP status " + response.statusCode());
+        try {
+            HttpRequest request = HttpRequest.newBuilder()
+                    .uri(URI.create(stringBuilder))
+                    .header("Content-Type", CONTENT_TYPE_JSON)
+                    .POST(HttpRequest.BodyPublishers.ofString(OBJECT_MAPPER.writeValueAsString(new LoginCredentials(userName, password))))
+                    .build();
+            HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
+            if (response.statusCode() == 401) {
+                LOGGER.log(Level.WARNING, "User not authenticated with logbook service");
+                return AuthenticationStatus.BAD_CREDENTIALS;
+            }
+        } catch (ConnectException e) {
+            LOGGER.log(Level.WARNING, "Cannot connect to logbook service");
+            return AuthenticationStatus.SERVICE_OFFLINE;
+        } catch (Exception e) {
+            LOGGER.log(Level.WARNING, "Unable to send authentication request to service, reason unknown");
+            return AuthenticationStatus.UNKNOWN_ERROR;
         }
+        return AuthenticationStatus.AUTHENTICATED;
     }
 
     /**
@@ -469,7 +477,7 @@ public InputStream getAttachment(Long logId, String attachmentName) {
                     .GET()
                     .build();
             HttpResponse<InputStream> response = httpClient.send(request, HttpResponse.BodyHandlers.ofInputStream());
-            if(response.statusCode() >= 300) {
+            if (response.statusCode() >= 300) {
                 LOGGER.log(Level.WARNING, "failed to obtain attachment: " + new String(response.body().readAllBytes()));
                 return null;
             }
@@ -556,7 +564,7 @@ public LogTemplate saveTemplate(LogTemplate template) throws LogbookException {
     }
 
     @Override
-    public Collection<LogEntryLevel> listLevels(){
+    public Collection<LogEntryLevel> listLevels() {
         HttpRequest request = HttpRequest.newBuilder()
                 .uri(URI.create(Preferences.olog_url + "/levels"))
                 .GET()
diff --git a/app/logbook/olog/client/src/main/java/org/phoebus/olog/api/OlogAuthenticationScope.java b/app/logbook/olog/client/src/main/java/org/phoebus/olog/api/OlogAuthenticationScope.java
new file mode 100644
index 0000000000..b773e4df34
--- /dev/null
+++ b/app/logbook/olog/client/src/main/java/org/phoebus/olog/api/OlogAuthenticationScope.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2025 European Spallation Source ERIC.
+ */
+
+package org.phoebus.olog.api;
+
+import org.phoebus.security.tokens.AuthenticationScope;
+
+public class OlogAuthenticationScope implements AuthenticationScope {
+
+    @Override
+    public String getScope() {
+        return "logbook";
+    }
+
+    @Override
+    public String getDisplayName() {
+        return "Logbook";
+    }
+}
diff --git a/app/logbook/olog/client/src/main/java/org/phoebus/olog/api/OlogClient.java b/app/logbook/olog/client/src/main/java/org/phoebus/olog/api/OlogClient.java
index 6e5ad73660..4a135ebbf4 100644
--- a/app/logbook/olog/client/src/main/java/org/phoebus/olog/api/OlogClient.java
+++ b/app/logbook/olog/client/src/main/java/org/phoebus/olog/api/OlogClient.java
@@ -123,7 +123,7 @@ public OlogClientBuilder password(String password) {
         private ScopedAuthenticationToken getCredentialsFromSecureStore() {
             try {
                 SecureStore secureStore = new SecureStore();
-                return secureStore.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+                return secureStore.getScopedAuthenticationToken(new OlogAuthenticationScope());
             } catch (Exception e) {
                 Logger.getLogger(OlogClient.class.getName()).log(Level.WARNING, "Unable to instantiate SecureStore", e);
                 return null;
diff --git a/app/logbook/olog/ui/src/main/java/org/phoebus/logbook/olog/ui/LogEntryTableViewController.java b/app/logbook/olog/ui/src/main/java/org/phoebus/logbook/olog/ui/LogEntryTableViewController.java
index 1c288ef30d..961b0bc8eb 100644
--- a/app/logbook/olog/ui/src/main/java/org/phoebus/logbook/olog/ui/LogEntryTableViewController.java
+++ b/app/logbook/olog/ui/src/main/java/org/phoebus/logbook/olog/ui/LogEntryTableViewController.java
@@ -39,6 +39,7 @@
 import javafx.util.Callback;
 import javafx.util.Duration;
 import javafx.util.StringConverter;
+import org.phoebus.applications.logbook.authentication.OlogAuthenticationScope;
 import org.phoebus.framework.jobs.JobManager;
 import org.phoebus.logbook.LogClient;
 import org.phoebus.logbook.LogEntry;
@@ -202,7 +203,7 @@ public void initialize() {
         contextMenu.setOnShowing(e -> {
             try {
                 SecureStore store = new SecureStore();
-                ScopedAuthenticationToken scopedAuthenticationToken = store.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+                ScopedAuthenticationToken scopedAuthenticationToken = store.getScopedAuthenticationToken(new OlogAuthenticationScope());
                 userHasSignedIn.set(scopedAuthenticationToken != null);
             } catch (Exception ex) {
                 logger.log(Level.WARNING, "Secure Store file not found.", ex);
diff --git a/app/logbook/olog/ui/src/main/java/org/phoebus/logbook/olog/ui/write/LogEntryEditorController.java b/app/logbook/olog/ui/src/main/java/org/phoebus/logbook/olog/ui/write/LogEntryEditorController.java
index a4ae21527c..8b01b0027a 100644
--- a/app/logbook/olog/ui/src/main/java/org/phoebus/logbook/olog/ui/write/LogEntryEditorController.java
+++ b/app/logbook/olog/ui/src/main/java/org/phoebus/logbook/olog/ui/write/LogEntryEditorController.java
@@ -62,6 +62,8 @@
 import java.net.URL;
 import java.util.regex.Pattern;
 import java.util.regex.Matcher;
+
+import org.phoebus.applications.logbook.authentication.OlogAuthenticationScope;
 import org.phoebus.logbook.olog.ui.LogbookUIPreferences;
 
 import javafx.util.Callback;
@@ -756,7 +758,7 @@ public void submit() {
                     try {
                         SecureStore store = new SecureStore();
                         ScopedAuthenticationToken scopedAuthenticationToken =
-                                new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, usernameProperty.get(), passwordProperty.get());
+                                new ScopedAuthenticationToken(new OlogAuthenticationScope(), usernameProperty.get(), passwordProperty.get());
                         store.setScopedAuthentication(scopedAuthenticationToken);
                     } catch (Exception ex) {
                         logger.log(Level.WARNING, "Secure Store file not found.", ex);
@@ -980,7 +982,7 @@ public void fetchStoredUserCredentials() {
             // Get the SecureStore. Retrieve username and password.
             try {
                 SecureStore store = new SecureStore();
-                ScopedAuthenticationToken scopedAuthenticationToken = store.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+                ScopedAuthenticationToken scopedAuthenticationToken = store.getScopedAuthenticationToken(new OlogAuthenticationScope());
                 // Could be accessed from JavaFX Application Thread when updating, so synchronize.
                 synchronized (usernameProperty) {
                     usernameProperty.set(scopedAuthenticationToken == null ? "" : scopedAuthenticationToken.getUsername());
diff --git a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationProvider.java b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationProvider.java
index e23900c665..ee3e237945 100644
--- a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationProvider.java
+++ b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationProvider.java
@@ -19,44 +19,30 @@
 
 package org.phoebus.applications.saveandrestore.authentication;
 
-import org.phoebus.applications.saveandrestore.Preferences;
-import org.phoebus.applications.saveandrestore.model.UserData;
 import org.phoebus.applications.saveandrestore.ui.SaveAndRestoreService;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.security.authorization.ServiceAuthenticationProvider;
 import org.phoebus.security.tokens.AuthenticationScope;
 
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
 /**
  * Authentication provider for the save-and-restore service.
  */
 public class SaveAndRestoreAuthenticationProvider implements ServiceAuthenticationProvider {
 
-    @Override
-    public void authenticate(String username, String password) {
-        SaveAndRestoreService saveAndRestoreService = SaveAndRestoreService.getInstance();
-        try {
-            UserData userData = saveAndRestoreService.authenticate(username, password);
-            Logger.getLogger(SaveAndRestoreAuthenticationProvider.class.getName())
-                    .log(Level.INFO, "User " + userData.getUserName() + " successfully signed in");
-        } catch (Exception e) {
-            // NOTE!!! Exception message and/or stack trace could contain request URL and consequently
-            // user's password, so do not log or propagate it.
-            Logger.getLogger(SaveAndRestoreAuthenticationProvider.class.getName())
-                    .log(Level.WARNING, "Failed to authenticate user " + username + " with save&restore service");
-            throw new RuntimeException("Failed to authenticate user " + username + " with save&restore service");
-        }
+    private final AuthenticationScope saveAndRestoreAuthenticationScope;
+
+    public SaveAndRestoreAuthenticationProvider() {
+        saveAndRestoreAuthenticationScope = new SaveAndRestoreAuthenticationScope();
     }
 
     @Override
-    public void logout(String token) {
-        // Not implemented for save&restore
+    public AuthenticationStatus authenticate(String username, String password) {
+        return SaveAndRestoreService.getInstance().authenticate(username, password);
     }
 
     @Override
     public AuthenticationScope getAuthenticationScope() {
-        return AuthenticationScope.SAVE_AND_RESTORE;
+        return saveAndRestoreAuthenticationScope;
     }
 
 }
diff --git a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationScope.java b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationScope.java
new file mode 100644
index 0000000000..bbb87323ed
--- /dev/null
+++ b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationScope.java
@@ -0,0 +1,19 @@
+/*
+ * Copyright (C) 2025 European Spallation Source ERIC.
+ */
+
+package org.phoebus.applications.saveandrestore.authentication;
+
+import org.phoebus.security.tokens.AuthenticationScope;
+
+public class SaveAndRestoreAuthenticationScope implements AuthenticationScope {
+    @Override
+    public String getScope() {
+        return "save-and-restore";
+    }
+
+    @Override
+    public String getDisplayName() {
+        return "Save and Restore";
+    }
+}
diff --git a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClient.java b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClient.java
index 688a6b9b09..a9cfa50944 100644
--- a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClient.java
+++ b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClient.java
@@ -30,9 +30,9 @@
 import org.phoebus.applications.saveandrestore.model.SnapshotItem;
 import org.phoebus.applications.saveandrestore.model.Tag;
 import org.phoebus.applications.saveandrestore.model.TagData;
-import org.phoebus.applications.saveandrestore.model.UserData;
 import org.phoebus.applications.saveandrestore.model.search.Filter;
 import org.phoebus.applications.saveandrestore.model.search.SearchResult;
+import org.phoebus.security.authorization.AuthenticationStatus;
 
 import javax.ws.rs.core.MultivaluedMap;
 import java.util.List;
@@ -248,10 +248,9 @@ public interface SaveAndRestoreClient {
      *
      * @param userName User's account name
      * @param password User's password
-     * @return A {@link UserData} object if login is successful, otherwise implementation should throw
-     * an exception.
+     * @return An {@link AuthenticationStatus} to indicate the outcome of the login attempt.
      */
-    UserData authenticate(String userName, String password);
+    AuthenticationStatus authenticate(String userName, String password);
 
     /**
      * Requests service to restore the specified {@link SnapshotItem}s
diff --git a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClientImpl.java b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClientImpl.java
index 05c5755d8e..3cf5aa6dd1 100644
--- a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClientImpl.java
+++ b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClientImpl.java
@@ -12,6 +12,7 @@
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import org.phoebus.applications.saveandrestore.Messages;
 import org.phoebus.applications.saveandrestore.SaveAndRestoreClientException;
+import org.phoebus.applications.saveandrestore.authentication.SaveAndRestoreAuthenticationScope;
 import org.phoebus.applications.saveandrestore.model.CompositeSnapshot;
 import org.phoebus.applications.saveandrestore.model.Configuration;
 import org.phoebus.applications.saveandrestore.model.ConfigurationData;
@@ -23,15 +24,15 @@
 import org.phoebus.applications.saveandrestore.model.SnapshotItem;
 import org.phoebus.applications.saveandrestore.model.Tag;
 import org.phoebus.applications.saveandrestore.model.TagData;
-import org.phoebus.applications.saveandrestore.model.UserData;
 import org.phoebus.applications.saveandrestore.model.search.Filter;
 import org.phoebus.applications.saveandrestore.model.search.SearchResult;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.security.store.SecureStore;
-import org.phoebus.security.tokens.AuthenticationScope;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
 import org.phoebus.util.http.QueryParamsHelper;
 
 import javax.ws.rs.core.MultivaluedMap;
+import java.net.ConnectException;
 import java.net.CookieHandler;
 import java.net.CookieManager;
 import java.net.CookiePolicy;
@@ -42,7 +43,6 @@
 import java.time.Duration;
 import java.util.Base64;
 import java.util.List;
-import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -80,7 +80,7 @@ public class SaveAndRestoreClientImpl implements SaveAndRestoreClient {
     private String getBasicAuthenticationHeader() {
         try {
             SecureStore store = new SecureStore();
-            ScopedAuthenticationToken scopedAuthenticationToken = store.getScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE);
+            ScopedAuthenticationToken scopedAuthenticationToken = store.getScopedAuthenticationToken(new SaveAndRestoreAuthenticationScope());
             if (scopedAuthenticationToken != null) {
                 String username = scopedAuthenticationToken.getUsername();
                 String password = scopedAuthenticationToken.getPassword();
@@ -577,20 +577,28 @@ public List<Node> deleteTag(TagData tagData) {
      * @return {@inheritDoc}
      */
     @Override
-    public UserData authenticate(String userName, String password) {
+    public AuthenticationStatus authenticate(String userName, String password) {
+        String stringBuilder = Preferences.jmasarServiceUrl +
+                "/login";
         try {
-            String stringBuilder = Preferences.jmasarServiceUrl +
-                    "/login";
             HttpRequest request = HttpRequest.newBuilder()
                     .uri(URI.create(stringBuilder))
                     .header("Content-Type", CONTENT_TYPE_JSON)
                     .POST(HttpRequest.BodyPublishers.ofString(OBJECT_MAPPER.writeValueAsString(new LoginCredentials(userName, password))))
                     .build();
             HttpResponse<String> response = CLIENT.send(request, HttpResponse.BodyHandlers.ofString());
-            return OBJECT_MAPPER.readValue(response.body(), UserData.class);
+            if (response.statusCode() == 401) {
+                LOGGER.log(Level.WARNING, "User not authenticated with save&restore service");
+                return AuthenticationStatus.BAD_CREDENTIALS;
+            }
+        } catch (ConnectException e) {
+            LOGGER.log(Level.WARNING, "Cannot connect to save&restore service");
+            return AuthenticationStatus.SERVICE_OFFLINE;
         } catch (Exception e) {
-            throw new RuntimeException(e);
+            LOGGER.log(Level.WARNING, "Unable to send authentication request to service, reason unknown");
+            return AuthenticationStatus.UNKNOWN_ERROR;
         }
+        return AuthenticationStatus.AUTHENTICATED;
     }
 
     /**
diff --git a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/ContextMenuCreateSaveset.java b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/ContextMenuCreateSaveset.java
index 01bbf79f53..19837adcbf 100644
--- a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/ContextMenuCreateSaveset.java
+++ b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/ContextMenuCreateSaveset.java
@@ -27,6 +27,7 @@
 import javafx.stage.Stage;
 import org.phoebus.applications.saveandrestore.Messages;
 import org.phoebus.applications.saveandrestore.SaveAndRestoreApplication;
+import org.phoebus.applications.saveandrestore.authentication.SaveAndRestoreAuthenticationScope;
 import org.phoebus.applications.saveandrestore.model.Node;
 import org.phoebus.applications.saveandrestore.model.NodeType;
 import org.phoebus.applications.saveandrestore.ui.configuration.ConfigurationFromSelectionController;
@@ -34,7 +35,6 @@
 import org.phoebus.framework.nls.NLS;
 import org.phoebus.framework.selection.Selection;
 import org.phoebus.security.store.SecureStore;
-import org.phoebus.security.tokens.AuthenticationScope;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
 import org.phoebus.ui.javafx.ImageCache;
 import org.phoebus.ui.spi.ContextMenuEntry;
@@ -90,11 +90,11 @@ public boolean isEnabled(){
         try {
             SecureStore secureStore = new SecureStore();
             ScopedAuthenticationToken token =
-                    secureStore.getScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE);
+                    secureStore.getScopedAuthenticationToken(new SaveAndRestoreAuthenticationScope());
             return token != null;
         } catch (Exception e) {
             Logger.getLogger(ContextMenuCreateSaveset.class.getName()).log(Level.WARNING, "Unable to retrieve authentication token for " +
-                    AuthenticationScope.SAVE_AND_RESTORE.getName() + " scope", e);
+                    new SaveAndRestoreAuthenticationScope().getScope() + " scope", e);
             return false;
         }
     }
diff --git a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreBaseController.java b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreBaseController.java
index 9b992cf579..e1e55911f0 100644
--- a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreBaseController.java
+++ b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreBaseController.java
@@ -20,9 +20,9 @@
 package org.phoebus.applications.saveandrestore.ui;
 
 import javafx.beans.property.SimpleStringProperty;
+import org.phoebus.applications.saveandrestore.authentication.SaveAndRestoreAuthenticationScope;
 import org.phoebus.applications.saveandrestore.model.websocket.SaveAndRestoreWebSocketMessage;
 import org.phoebus.security.store.SecureStore;
-import org.phoebus.security.tokens.AuthenticationScope;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
 
 import java.util.List;
@@ -42,7 +42,7 @@ public SaveAndRestoreBaseController() {
         try {
             SecureStore secureStore = new SecureStore();
             ScopedAuthenticationToken token =
-                    secureStore.getScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE);
+                    secureStore.getScopedAuthenticationToken(new SaveAndRestoreAuthenticationScope());
             if (token != null) {
                 userIdentity.set(token.getUsername());
             } else {
@@ -50,14 +50,14 @@ public SaveAndRestoreBaseController() {
             }
         } catch (Exception e) {
             Logger.getLogger(SaveAndRestoreBaseController.class.getName()).log(Level.WARNING, "Unable to retrieve authentication token for " +
-                    AuthenticationScope.SAVE_AND_RESTORE.getName() + " scope", e);
+                    new SaveAndRestoreAuthenticationScope().getScope()+ " scope", e);
         }
     }
 
     public void secureStoreChanged(List<ScopedAuthenticationToken> validTokens) {
         Optional<ScopedAuthenticationToken> token =
                 validTokens.stream()
-                        .filter(t -> t.getAuthenticationScope().equals(AuthenticationScope.SAVE_AND_RESTORE)).findFirst();
+                        .filter(t -> t.getAuthenticationScope().getScope().equals(new SaveAndRestoreAuthenticationScope().getScope())).findFirst();
         if (token.isPresent()) {
             userIdentity.set(token.get().getUsername());
         } else {
diff --git a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreService.java b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreService.java
index d3b3c00a64..1203fe1d7f 100644
--- a/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreService.java
+++ b/app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreService.java
@@ -33,20 +33,19 @@
 import org.phoebus.applications.saveandrestore.model.SnapshotItem;
 import org.phoebus.applications.saveandrestore.model.Tag;
 import org.phoebus.applications.saveandrestore.model.TagData;
-import org.phoebus.applications.saveandrestore.model.UserData;
 import org.phoebus.applications.saveandrestore.model.search.Filter;
 import org.phoebus.applications.saveandrestore.model.search.SearchResult;
 import org.phoebus.core.vtypes.VDisconnectedData;
 import org.phoebus.pv.PV;
 import org.phoebus.pv.PVPool;
 import org.phoebus.saveandrestore.util.VNoData;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.util.time.TimestampFormats;
 
 import javax.ws.rs.core.MultivaluedMap;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Set;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
 import java.util.concurrent.LinkedBlockingQueue;
@@ -316,17 +315,15 @@ public List<Node> deleteTag(TagData tagData) throws Exception {
     }
 
     /**
-     * Authenticate user, needed for all non-GET endpoints if service requires it
+     * Authenticate user, needed for all non-GET endpoints if service requires it. Note that
+     * this is executed in a synchronous manner, i.e. an {@link ExecutorService} is not used.
      *
      * @param userName User's account name
      * @param password User's password
-     * @return A {@link UserData} object
-     * @throws Exception if authentication fails
+     * @return An {@link AuthenticationStatus} to indicate the outcome of the login attempt.
      */
-    public UserData authenticate(String userName, String password) throws Exception {
-        Future<UserData> future =
-                executor.submit(() -> saveAndRestoreClient.authenticate(userName, password));
-        return future.get();
+    public AuthenticationStatus authenticate(String userName, String password) {
+        return saveAndRestoreClient.authenticate(userName, password);
     }
 
     /**
diff --git a/app/save-and-restore/app/src/test/java/org/phoebus/applications/saveandrestore/client/HttpClientTestIT.java b/app/save-and-restore/app/src/test/java/org/phoebus/applications/saveandrestore/client/HttpClientTestIT.java
index d690411e98..38c5c6da62 100644
--- a/app/save-and-restore/app/src/test/java/org/phoebus/applications/saveandrestore/client/HttpClientTestIT.java
+++ b/app/save-and-restore/app/src/test/java/org/phoebus/applications/saveandrestore/client/HttpClientTestIT.java
@@ -11,6 +11,7 @@
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import org.phoebus.applications.saveandrestore.authentication.SaveAndRestoreAuthenticationScope;
 import org.phoebus.applications.saveandrestore.model.CompositeSnapshot;
 import org.phoebus.applications.saveandrestore.model.CompositeSnapshotData;
 import org.phoebus.applications.saveandrestore.model.ConfigPv;
@@ -34,6 +35,7 @@
 
 import javax.ws.rs.core.MultivaluedHashMap;
 import javax.ws.rs.core.MultivaluedMap;
+import java.net.ConnectException;
 import java.util.List;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -63,7 +65,7 @@ public static void init() {
         try {
             SecureStore store = new SecureStore();
             ScopedAuthenticationToken scopedAuthenticationToken =
-                    new ScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE, "admin", "adminPass");
+                    new ScopedAuthenticationToken(new SaveAndRestoreAuthenticationScope(), "admin", "adminPass");
             store.setScopedAuthentication(scopedAuthenticationToken);
         } catch (Exception e) {
             throw new RuntimeException(e);
@@ -90,7 +92,7 @@ public static void cleanUp() {
     }
 
     @Test
-    public void testAuthenticate() {
+    public void testAuthenticate() throws Exception {
         saveAndRestoreClient.authenticate("admin", "adminPass");
     }
 
diff --git a/app/save-and-restore/model/src/main/java/org/phoebus/applications/saveandrestore/model/UserData.java b/app/save-and-restore/model/src/main/java/org/phoebus/applications/saveandrestore/model/UserData.java
deleted file mode 100644
index 97c5cfd91c..0000000000
--- a/app/save-and-restore/model/src/main/java/org/phoebus/applications/saveandrestore/model/UserData.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (C) 2020 European Spallation Source ERIC.
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
- */
-
-package org.phoebus.applications.saveandrestore.model;
-
-import java.util.List;
-
-/**
- * Simple pojo used to convey username and list of roles to a client upon
- * login or explicit request.
- */
-public class UserData {
-
-    private String userName;
-    private List<String> roles;
-
-    public UserData(){
-
-    }
-
-    public UserData(String userName, List<String> roles){
-        this.userName = userName;
-        this.roles = roles;
-    }
-
-    public String getUserName() {
-        return userName;
-    }
-
-    public void setUserName(String userName) {
-        this.userName = userName;
-    }
-
-    public List<String> getRoles() {
-        return roles;
-    }
-
-    public void setRoles(List<String> roles) {
-        this.roles = roles;
-    }
-}
diff --git a/core/security/src/main/java/org/phoebus/security/authorization/AuthenticationStatus.java b/core/security/src/main/java/org/phoebus/security/authorization/AuthenticationStatus.java
new file mode 100644
index 0000000000..8557b5d98b
--- /dev/null
+++ b/core/security/src/main/java/org/phoebus/security/authorization/AuthenticationStatus.java
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2025 European Spallation Source ERIC.
+ */
+
+package org.phoebus.security.authorization;
+
+/**
+ * Enum indicating the current or updated authentication status.
+ */
+public enum AuthenticationStatus {
+    UNDETERMINED,       // Not set, e.g. user not yet logged in
+    AUTHENTICATED,      // Successfully authenticated after login call to service
+    CACHED,             // User authenticated based on cached credentials
+    BAD_CREDENTIALS,    // Not authenticated by service
+    SERVICE_OFFLINE,    // Service not reachable
+    UNKNOWN_ERROR       // Authentication with service failes for unknown reason
+}
diff --git a/core/security/src/main/java/org/phoebus/security/authorization/ServiceAuthenticationException.java b/core/security/src/main/java/org/phoebus/security/authorization/ServiceAuthenticationException.java
new file mode 100644
index 0000000000..8a4fbd940c
--- /dev/null
+++ b/core/security/src/main/java/org/phoebus/security/authorization/ServiceAuthenticationException.java
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2025 European Spallation Source ERIC.
+ */
+
+package org.phoebus.security.authorization;
+
+/**
+ * Custom {@link Exception} class to indicate failure to authenticate with a {@link ServiceAuthenticationProvider}.
+ * Note that this should <i>not</i> be used to indicate failure to connect to a {@link ServiceAuthenticationProvider}.
+ */
+public class ServiceAuthenticationException extends RuntimeException{
+
+    public ServiceAuthenticationException(String message){
+        super(message);
+    }
+}
+
+
diff --git a/core/security/src/main/java/org/phoebus/security/authorization/ServiceAuthenticationProvider.java b/core/security/src/main/java/org/phoebus/security/authorization/ServiceAuthenticationProvider.java
index 9e807e0c69..0807f769a1 100644
--- a/core/security/src/main/java/org/phoebus/security/authorization/ServiceAuthenticationProvider.java
+++ b/core/security/src/main/java/org/phoebus/security/authorization/ServiceAuthenticationProvider.java
@@ -18,6 +18,7 @@
 
 package org.phoebus.security.authorization;
 
+import org.phoebus.security.store.SecureStore;
 import org.phoebus.security.tokens.AuthenticationScope;
 
 /**
@@ -30,14 +31,21 @@ public interface ServiceAuthenticationProvider {
      * Authenticates with the announced service.
      * @param username User name
      * @param password Password
+     * @return An {@link AuthenticationStatus} indicating the outcome.
      */
-    void authenticate(String username, String password);
+    AuthenticationStatus authenticate(String username, String password);
 
     /**
      * Signs out user from the service.
-     * @param token Username or other type of token (e.g. session cookie).
      */
-    void logout(String token);
+    default void logout(){
+        try {
+            SecureStore secureStore = new SecureStore();
+            secureStore.deleteScopedAuthenticationToken(getAuthenticationScope());
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
 
     /**
      * The identity of the announced service. This must be unique between all implementations.
diff --git a/core/security/src/main/java/org/phoebus/security/store/SecureStore.java b/core/security/src/main/java/org/phoebus/security/store/SecureStore.java
index d70029174d..77defbf199 100644
--- a/core/security/src/main/java/org/phoebus/security/store/SecureStore.java
+++ b/core/security/src/main/java/org/phoebus/security/store/SecureStore.java
@@ -12,8 +12,10 @@
 import java.util.ServiceLoader;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
 
 import org.phoebus.security.PhoebusSecurity;
+import org.phoebus.security.authorization.ServiceAuthenticationProvider;
 import org.phoebus.security.tokens.AuthenticationScope;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
 
@@ -99,13 +101,13 @@ public void delete(String tag) throws Exception{
     public ScopedAuthenticationToken getScopedAuthenticationToken(AuthenticationScope scope) throws Exception{
         String username;
         String password;
-        if(scope == null || scope.getName().trim().isEmpty()){
+        if(scope == null || scope.getScope().trim().isEmpty()){
             username = get(USERNAME_TAG);
             password = get(PASSWORD_TAG);
         }
         else{
-            username = get(scope.getName().toLowerCase() + "." + USERNAME_TAG);
-            password = get(scope.getName().toLowerCase() + "." + PASSWORD_TAG);
+            username = get(scope.getScope().toLowerCase() + "." + USERNAME_TAG);
+            password = get(scope.getScope().toLowerCase() + "." + PASSWORD_TAG);
         }
         if(username == null || password == null){
             return null;
@@ -118,13 +120,13 @@ public ScopedAuthenticationToken getScopedAuthenticationToken(AuthenticationScop
      */
     public void deleteScopedAuthenticationToken(AuthenticationScope scope) throws Exception{
         LOGGER.log(Level.INFO, "Deleting authentication token for scope: " + scope);
-        if(scope == null || scope.getName().trim().isEmpty()){
+        if(scope == null || scope.getScope().trim().isEmpty()){
             delete(USERNAME_TAG);
             delete(PASSWORD_TAG);
         }
         else{
-            delete(scope.getName() + "." + USERNAME_TAG);
-            delete(scope.getName() + "." + PASSWORD_TAG);
+            delete(scope.getScope() + "." + USERNAME_TAG);
+            delete(scope.getScope() + "." + PASSWORD_TAG);
         }
         notifyChangeListeners();
     }
@@ -151,13 +153,13 @@ public void setScopedAuthentication(ScopedAuthenticationToken scopedAuthenticati
             throw new RuntimeException("Username and password must both be non-null and non-empty");
         }
         AuthenticationScope scope = scopedAuthenticationToken.getAuthenticationScope();
-        if(scope == null || scope.getName().trim().isEmpty()){
+        if(scope == null || scope.getScope().trim().isEmpty()){
             set(USERNAME_TAG, username);
             set(PASSWORD_TAG, password);
         }
         else{
-            set(scope.getName() + "." + USERNAME_TAG, username);
-            set(scope.getName() + "." + PASSWORD_TAG, password);
+            set(scope.getScope() + "." + USERNAME_TAG, username);
+            set(scope.getScope() + "." + PASSWORD_TAG, password);
         }
         notifyChangeListeners();
         LOGGER.log(Level.INFO, "Storing scoped authentication token " + scopedAuthenticationToken);
@@ -165,7 +167,7 @@ public void setScopedAuthentication(ScopedAuthenticationToken scopedAuthenticati
 
     /**
      * Retrieves all {@link ScopedAuthenticationToken}s in the secure store. A {@link ScopedAuthenticationToken}
-     * must be composed of both a user name and a password, i.e. items in the secure store that are not
+     * must be composed of both a username and a password, i.e. items in the secure store that are not
      * considered to be a part of an authentication token are ignored.
      * @return List of {@link ScopedAuthenticationToken}s.
      * @throws Exception on error
@@ -197,8 +199,8 @@ private List<ScopedAuthenticationToken> matchEntries(List<String> aliases) throw
             String username;
             String password;
             AuthenticationScope scope = null;
-            // Non-scoped alias?
-            if(tokens.length == 1 && USERNAME_TAG.equals(tokens[0])){
+
+            if(tokens.length == 1 && USERNAME_TAG.equals(tokens[0])){ // Non-scoped alias
                 // It is assumed that the secure store can contain zero or one entries named "username" or "password".
                 // It is further assumed that these are "matching" items, i.e. they constitute a non-scoped authentication
                 // token that was persisted at some point.
@@ -206,9 +208,12 @@ private List<ScopedAuthenticationToken> matchEntries(List<String> aliases) throw
                 password = get(PASSWORD_TAG);
             }
             else{
-                scope = AuthenticationScope.fromString(tokens[0]);
-                username = get(scope.getName() + "." + USERNAME_TAG);
-                password = get(scope.getName() + "." + PASSWORD_TAG);
+                scope = findAuthenticationScopeFromProviders(tokens[0]);
+                if(scope == null){
+                    throw new IllegalArgumentException("No authentication provider found matching scope \"" + tokens[0] + "\"");
+                }
+                username = get(tokens[0] + "." + USERNAME_TAG);
+                password = get(scope.getScope() + "." + PASSWORD_TAG);
             }
             // Add only if password was found.
             if(password != null){
@@ -218,6 +223,18 @@ private List<ScopedAuthenticationToken> matchEntries(List<String> aliases) throw
         return allScopedAuthenticationTokens;
     }
 
+    private AuthenticationScope findAuthenticationScopeFromProviders(String key){
+        List<ServiceAuthenticationProvider> authenticationProviders =
+                ServiceLoader.load(ServiceAuthenticationProvider.class).stream().map(ServiceLoader.Provider::get)
+                        .collect(Collectors.toList());
+        for(ServiceAuthenticationProvider serviceAuthenticationProvider : authenticationProviders){
+            if(serviceAuthenticationProvider.getAuthenticationScope().getScope().equals(key)){
+                return serviceAuthenticationProvider.getAuthenticationScope();
+            }
+        }
+        return null;
+    }
+
     private void notifyChangeListeners(){
         ServiceLoader<SecureStoreChangeHandler> changeHandlers = ServiceLoader.load(SecureStoreChangeHandler.class);
         changeHandlers.stream().forEach(c -> {
diff --git a/core/security/src/main/java/org/phoebus/security/tokens/AuthenticationScope.java b/core/security/src/main/java/org/phoebus/security/tokens/AuthenticationScope.java
index a91367ef8c..1615ceaebf 100644
--- a/core/security/src/main/java/org/phoebus/security/tokens/AuthenticationScope.java
+++ b/core/security/src/main/java/org/phoebus/security/tokens/AuthenticationScope.java
@@ -19,42 +19,19 @@
 
 package org.phoebus.security.tokens;
 
-import java.util.Arrays;
-
 /**
- * Enum constants for authentication scopes used in dedicated use cases and applications.
- * Restrictions on the name of an {@link AuthenticationScope} value:
- * <ul>
- *     <li>Must match regexp [a-z-]*, i.e. lower case alphanumeric chars, except digits, plus hyphen (-)</li>
- *     <li>Must be unique among other enum names</li>
- * </ul>
+ * Interface defining how to interact with {@link AuthenticationScope}s
  */
-public enum AuthenticationScope {
-
-    LOGBOOK("logbook"),
-    SAVE_AND_RESTORE("save-and-restore");
-
-    private String name = null;
-
-    private String supportedNamePattern = "[a-z-]*";
+public interface AuthenticationScope{
 
     /**
-     * Internal use.
-     * @param name Valid name
-     * @throws IllegalArgumentException if the name does not match [a-z-]*.
+     * @return A string that must be unique between implementations and must match regular expression [a-z-]*
      */
-    AuthenticationScope(String name) throws IllegalArgumentException{
-        if(!name.matches(supportedNamePattern)){
-            throw new IllegalArgumentException("Name " + name + " invalid");
-        }
-        this.name = name;
-    }
+    String getScope();
 
-    public String getName(){
-        return name;
-    }
+    /**
+     * @return A string intended for whatever UI.
+     */
+    String getDisplayName();
 
-    public static AuthenticationScope fromString(String s){
-        return Arrays.stream(values()).filter(a -> a.name.equals(s)).findFirst().orElse(null);
-    }
 }
diff --git a/core/security/src/main/java/org/phoebus/security/tokens/ScopedAuthenticationToken.java b/core/security/src/main/java/org/phoebus/security/tokens/ScopedAuthenticationToken.java
index c90b60ef2d..7b34d28107 100644
--- a/core/security/src/main/java/org/phoebus/security/tokens/ScopedAuthenticationToken.java
+++ b/core/security/src/main/java/org/phoebus/security/tokens/ScopedAuthenticationToken.java
@@ -46,7 +46,7 @@ public ScopedAuthenticationToken(String username, String password){
     public ScopedAuthenticationToken(AuthenticationScope scope, String username, String password){
         this(username, password);
         if(scope != null){
-            if(scope.getName().trim().isEmpty()){
+            if(scope.getScope().trim().isEmpty()){
                 this.scope = null;
             }
             else{
@@ -76,6 +76,6 @@ public int hashCode(){
 
     @Override
     public String toString(){
-        return "Scope: " + (scope != null ? scope.getName() : "") + ", username: " + getUsername();
+        return "Scope: " + (scope != null ? scope.getScope() : "") + ", username: " + getUsername();
     }
 }
diff --git a/core/security/src/test/java/org/phoebus/security/authorization/tokens/ScopedAuthenticationTokenTest.java b/core/security/src/test/java/org/phoebus/security/authorization/tokens/ScopedAuthenticationTokenTest.java
index c55a59de5c..5be88b2427 100644
--- a/core/security/src/test/java/org/phoebus/security/authorization/tokens/ScopedAuthenticationTokenTest.java
+++ b/core/security/src/test/java/org/phoebus/security/authorization/tokens/ScopedAuthenticationTokenTest.java
@@ -43,16 +43,24 @@ public void testScopedAuthenticationToken() {
         scopedAuthenticationToken = new ScopedAuthenticationToken(null, "username", "password");
         assertNull(scopedAuthenticationToken.getAuthenticationScope());
 
-        scopedAuthenticationToken = new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username", "password");
-        assertEquals(AuthenticationScope.LOGBOOK, scopedAuthenticationToken.getAuthenticationScope());
     }
 
     @Test
     public void testEqualsAndHashCode() {
         ScopedAuthenticationToken scopedAuthenticationToken1 = new ScopedAuthenticationToken("username", "password");
         ScopedAuthenticationToken scopedAuthenticationToken2 = new ScopedAuthenticationToken("username", "somethingelse");
-        ScopedAuthenticationToken scopedAuthenticationToken3 = new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username", "somethingelse");
-        ScopedAuthenticationToken scopedAuthenticationToken4 = new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username1", "somethingelse");
+        ScopedAuthenticationToken scopedAuthenticationToken3 = new ScopedAuthenticationToken(new AuthenticationScope() {
+            @Override
+            public String getScope() {
+                return "key";
+            }
+
+            @Override
+            public String getDisplayName() {
+                return "";
+            }
+        }, "username", "somethingelse");
+        ScopedAuthenticationToken scopedAuthenticationToken4 = new ScopedAuthenticationToken(new TestAuthenticationScope(), "username1", "somethingelse");
 
         assertEquals(scopedAuthenticationToken1, scopedAuthenticationToken2);
         assertNotEquals(scopedAuthenticationToken1, scopedAuthenticationToken3);
@@ -66,8 +74,16 @@ public void testEqualsAndHashCode() {
         assertNotEquals(scopedAuthenticationToken1.hashCode(), scopedAuthenticationToken2.hashCode());
     }
 
-    @Test
-    public void testFromString(){
-        assertEquals(AuthenticationScope.SAVE_AND_RESTORE, AuthenticationScope.fromString(AuthenticationScope.SAVE_AND_RESTORE.getName()));
+
+    private class TestAuthenticationScope implements AuthenticationScope{
+        @Override
+        public String getScope(){
+            return "key";
+        }
+
+        @Override
+        public String getDisplayName(){
+            return "Display name";
+        }
     }
 }
diff --git a/core/security/src/test/java/org/phoebus/security/store/SecureStoreTest.java b/core/security/src/test/java/org/phoebus/security/store/SecureStoreTest.java
index 5842ceea4c..80234f6460 100644
--- a/core/security/src/test/java/org/phoebus/security/store/SecureStoreTest.java
+++ b/core/security/src/test/java/org/phoebus/security/store/SecureStoreTest.java
@@ -20,11 +20,14 @@
 
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import org.phoebus.security.authorization.ServiceAuthenticationProvider;
 import org.phoebus.security.tokens.AuthenticationScope;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
 
 import java.io.File;
 import java.util.List;
+import java.util.ServiceLoader;
+import java.util.stream.Collectors;
 
 import static org.junit.jupiter.api.Assertions.*;
 
@@ -37,8 +40,13 @@ public class SecureStoreTest {
 
     private static SecureStore memorySecureStore;
 
+    private static List<ServiceAuthenticationProvider> authenticationProviders;
+
     @BeforeAll
     public static void setup() throws Exception {
+        authenticationProviders =
+                ServiceLoader.load(ServiceAuthenticationProvider.class).stream().map(ServiceLoader.Provider::get)
+                        .collect(Collectors.toList());
         File secureStoreFile;
         secureStoreFile = new File(System.getProperty("user.home"), "TestOnlySecureStore.dat");
         if (secureStoreFile.exists()) {
@@ -115,10 +123,10 @@ public void testGetAllScopedTokens() throws Exception {
 
         secureStore.set(SecureStore.USERNAME_TAG, "username");
         secureStore.set(SecureStore.PASSWORD_TAG, "password");
-        secureStore.set(AuthenticationScope.LOGBOOK.getName() + "." + SecureStore.USERNAME_TAG, "username1");
-        secureStore.set(AuthenticationScope.LOGBOOK.getName() +  "." + SecureStore.PASSWORD_TAG, "password1");
-        secureStore.set(AuthenticationScope.SAVE_AND_RESTORE.getName() +  "." + SecureStore.USERNAME_TAG, "username2");
-        secureStore.set(AuthenticationScope.SAVE_AND_RESTORE.getName() +  "." + SecureStore.PASSWORD_TAG, "password2");
+        secureStore.set("service1." + SecureStore.USERNAME_TAG, "username1");
+        secureStore.set("service1." + SecureStore.PASSWORD_TAG, "password1");
+        secureStore.set("service2." + SecureStore.USERNAME_TAG, "username2");
+        secureStore.set("service2." + SecureStore.PASSWORD_TAG, "password2");
 
         List<ScopedAuthenticationToken> tokens = secureStore.getAuthenticationTokens();
         assertEquals(3, tokens.size());
@@ -129,10 +137,10 @@ public void testGetAllScopedTokens() throws Exception {
 
         memorySecureStore.set(SecureStore.USERNAME_TAG, "username");
         memorySecureStore.set(SecureStore.PASSWORD_TAG, "password");
-        memorySecureStore.set(AuthenticationScope.LOGBOOK.getName() +  "." + SecureStore.USERNAME_TAG, "username1");
-        memorySecureStore.set(AuthenticationScope.LOGBOOK.getName() +  "." + SecureStore.PASSWORD_TAG, "password1");
-        memorySecureStore.set(AuthenticationScope.SAVE_AND_RESTORE.getName() +  "." + SecureStore.USERNAME_TAG, "username2");
-        memorySecureStore.set(AuthenticationScope.SAVE_AND_RESTORE.getName() +  "." + SecureStore.PASSWORD_TAG, "password2");
+        memorySecureStore.set("service1." + SecureStore.USERNAME_TAG, "username1");
+        memorySecureStore.set("service1." + SecureStore.PASSWORD_TAG, "password1");
+        memorySecureStore.set("service2." + SecureStore.USERNAME_TAG, "username2");
+        memorySecureStore.set("service2." + SecureStore.PASSWORD_TAG, "password2");
 
         tokens = memorySecureStore.getAuthenticationTokens();
         assertEquals(3, tokens.size());
@@ -145,18 +153,18 @@ public void testGetScopedToken() throws Exception {
 
         secureStore.set(SecureStore.USERNAME_TAG, "username");
         secureStore.set(SecureStore.PASSWORD_TAG, "password");
-        secureStore.set(AuthenticationScope.LOGBOOK.getName() + "." +SecureStore.USERNAME_TAG, "username1");
-        secureStore.set(AuthenticationScope.LOGBOOK.getName() +  "." + SecureStore.PASSWORD_TAG, "password1");
-        secureStore.set(AuthenticationScope.SAVE_AND_RESTORE.getName() +  "." + SecureStore.USERNAME_TAG, "username2");
-        secureStore.set(AuthenticationScope.SAVE_AND_RESTORE.getName() +  "." + SecureStore.PASSWORD_TAG, "password2");
+        secureStore.set("service1." +SecureStore.USERNAME_TAG, "username1");
+        secureStore.set("service1." + SecureStore.PASSWORD_TAG, "password1");
+        secureStore.set("service2." + SecureStore.USERNAME_TAG, "username2");
+        secureStore.set("service2." + SecureStore.PASSWORD_TAG, "password2");
 
         ScopedAuthenticationToken token = secureStore.getScopedAuthenticationToken(null);
         assertNotNull(token);
         assertNull(token.getAuthenticationScope());
 
-        token = secureStore.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+        token = secureStore.getScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope());
         assertNotNull(token);
-        assertEquals(AuthenticationScope.LOGBOOK, token.getAuthenticationScope());
+        assertEquals("service1", token.getAuthenticationScope().getScope());
         assertEquals("username1", token.getUsername());
 
         token = secureStore.getScopedAuthenticationToken(null);
@@ -166,18 +174,18 @@ public void testGetScopedToken() throws Exception {
 
         memorySecureStore.set(SecureStore.USERNAME_TAG, "username");
         memorySecureStore.set(SecureStore.PASSWORD_TAG, "password");
-        memorySecureStore.set(AuthenticationScope.LOGBOOK.getName() +  "." + SecureStore.USERNAME_TAG, "username1");
-        memorySecureStore.set(AuthenticationScope.LOGBOOK.getName() +  "." + SecureStore.PASSWORD_TAG, "password1");
-        memorySecureStore.set(AuthenticationScope.SAVE_AND_RESTORE.getName() +  "." + SecureStore.USERNAME_TAG, "username2");
-        memorySecureStore.set(AuthenticationScope.SAVE_AND_RESTORE.getName() +  "." + SecureStore.PASSWORD_TAG, "password2");
+        memorySecureStore.set("service1." + SecureStore.USERNAME_TAG, "username1");
+        memorySecureStore.set("service1." + SecureStore.PASSWORD_TAG, "password1");
+        memorySecureStore.set("service2." + SecureStore.USERNAME_TAG, "username2");
+        memorySecureStore.set("service2." + SecureStore.PASSWORD_TAG, "password2");
 
         token = memorySecureStore.getScopedAuthenticationToken(null);
         assertNotNull(token);
         assertNull(token.getAuthenticationScope());
 
-        token = memorySecureStore.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+        token = memorySecureStore.getScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope());
         assertNotNull(token);
-        assertEquals(AuthenticationScope.LOGBOOK, token.getAuthenticationScope());
+        assertEquals("service1", token.getAuthenticationScope().getScope());
         assertEquals("username1", token.getUsername());
 
         token = memorySecureStore.getScopedAuthenticationToken(null);
@@ -208,8 +216,8 @@ public void testGetAllScopedTokensLegacyOnly() throws Exception {
     @Test
     public void testSetScopedAuthenticationToken() throws Exception {
         secureStore.setScopedAuthentication(new ScopedAuthenticationToken("username", "password"));
-        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username1", "password1"));
-        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE, "username2", "password2"));
+        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope(), "username1", "password1"));
+        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(1).getAuthenticationScope(), "username2", "password2"));
 
         List<ScopedAuthenticationToken> tokens = secureStore.getAuthenticationTokens();
         assertEquals(3, tokens.size());
@@ -217,9 +225,9 @@ public void testSetScopedAuthenticationToken() throws Exception {
         secureStore.deleteAllScopedAuthenticationTokens();
 
         memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken("username", "password"));
-        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username1", "password1"));
-        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE, "username2", "password2"));
-        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE, "username3", "password3"));
+        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope(), "username1", "password1"));
+        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(1).getAuthenticationScope(), "username2", "password2"));
+        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(1).getAuthenticationScope(), "username3", "password3"));
 
         tokens = memorySecureStore.getAuthenticationTokens();
         assertEquals(3, tokens.size());
@@ -293,8 +301,8 @@ public void testSetInvalidAuthenticationToken() throws Exception {
     public void testDeleteAllScopedAuthenticationTokens() throws Exception {
 
         secureStore.setScopedAuthentication(new ScopedAuthenticationToken("username", "password"));
-        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username1", "password1"));
-        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE, "username2", "password2"));
+        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope(), "username1", "password1"));
+        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(1).getAuthenticationScope(), "username2", "password2"));
 
         List<ScopedAuthenticationToken> tokens = secureStore.getAuthenticationTokens();
         assertEquals(3, tokens.size());
@@ -304,8 +312,8 @@ public void testDeleteAllScopedAuthenticationTokens() throws Exception {
         assertEquals(0, tokens.size());
 
         memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken("username", "password"));
-        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username1", "password1"));
-        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.SAVE_AND_RESTORE, "username2", "password2"));
+        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope(), "username1", "password1"));
+        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(1).getAuthenticationScope(), "username2", "password2"));
 
         tokens = memorySecureStore.getAuthenticationTokens();
         assertEquals(3, tokens.size());
@@ -317,22 +325,22 @@ public void testDeleteAllScopedAuthenticationTokens() throws Exception {
 
     @Test
     public void testOverwriteScopedAuthentication() throws Exception {
-        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username1", "password1"));
+        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope(), "username1", "password1"));
 
-        ScopedAuthenticationToken token = secureStore.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+        ScopedAuthenticationToken token = secureStore.getScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope());
         assertEquals("username1", token.getUsername());
 
-        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username2", "password1"));
-        token = secureStore.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+        secureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope(), "username2", "password1"));
+        token = secureStore.getScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope());
         assertEquals("username2", token.getUsername());
 
-        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username1", "password1"));
+        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope(), "username1", "password1"));
 
-        token = memorySecureStore.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+        token = memorySecureStore.getScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope());
         assertEquals("username1", token.getUsername());
 
-        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(AuthenticationScope.LOGBOOK, "username2", "password1"));
-        token = memorySecureStore.getScopedAuthenticationToken(AuthenticationScope.LOGBOOK);
+        memorySecureStore.setScopedAuthentication(new ScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope(), "username2", "password1"));
+        token = memorySecureStore.getScopedAuthenticationToken(authenticationProviders.get(0).getAuthenticationScope());
         assertEquals("username2", token.getUsername());
     }
 }
diff --git a/core/security/src/test/java/org/phoebus/security/store/ServiceAuthenticationProviderOne.java b/core/security/src/test/java/org/phoebus/security/store/ServiceAuthenticationProviderOne.java
new file mode 100644
index 0000000000..d69d1a0bd1
--- /dev/null
+++ b/core/security/src/test/java/org/phoebus/security/store/ServiceAuthenticationProviderOne.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2025 European Spallation Source ERIC.
+ */
+
+package org.phoebus.security.store;
+
+import org.phoebus.security.authorization.AuthenticationStatus;
+import org.phoebus.security.authorization.ServiceAuthenticationProvider;
+import org.phoebus.security.tokens.AuthenticationScope;
+
+public class ServiceAuthenticationProviderOne implements ServiceAuthenticationProvider {
+
+    @Override
+    public AuthenticationStatus authenticate(String username, String password){
+        return AuthenticationStatus.AUTHENTICATED;
+    }
+
+    @Override
+    public AuthenticationScope getAuthenticationScope() {
+        return new AuthenticationScope() {
+            @Override
+            public String getScope() {
+                return "service1";
+            }
+
+            @Override
+            public String getDisplayName() {
+                return "";
+            }
+        };
+    }
+}
diff --git a/core/security/src/test/java/org/phoebus/security/store/ServiceAuthenticationProviderTwo.java b/core/security/src/test/java/org/phoebus/security/store/ServiceAuthenticationProviderTwo.java
new file mode 100644
index 0000000000..5808cea10e
--- /dev/null
+++ b/core/security/src/test/java/org/phoebus/security/store/ServiceAuthenticationProviderTwo.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2025 European Spallation Source ERIC.
+ */
+
+package org.phoebus.security.store;
+
+import org.phoebus.security.authorization.AuthenticationStatus;
+import org.phoebus.security.authorization.ServiceAuthenticationProvider;
+import org.phoebus.security.tokens.AuthenticationScope;
+
+public class ServiceAuthenticationProviderTwo implements ServiceAuthenticationProvider {
+
+    @Override
+    public AuthenticationStatus authenticate(String username, String password) {
+        return AuthenticationStatus.AUTHENTICATED;
+    }
+
+    @Override
+    public AuthenticationScope getAuthenticationScope() {
+        return new AuthenticationScope() {
+            @Override
+            public String getScope() {
+                return "service2";
+            }
+
+            @Override
+            public String getDisplayName() {
+                return "";
+            }
+        };
+    }
+}
diff --git a/core/security/src/test/resources/META-INF/services/org.phoebus.security.authorization.ServiceAuthenticationProvider b/core/security/src/test/resources/META-INF/services/org.phoebus.security.authorization.ServiceAuthenticationProvider
new file mode 100644
index 0000000000..0e963dda17
--- /dev/null
+++ b/core/security/src/test/resources/META-INF/services/org.phoebus.security.authorization.ServiceAuthenticationProvider
@@ -0,0 +1,6 @@
+#
+# Copyright (C) 2025 European Spallation Source ERIC.
+#
+
+org.phoebus.security.store.ServiceAuthenticationProviderOne
+org.phoebus.security.store.ServiceAuthenticationProviderTwo
\ No newline at end of file
diff --git a/core/ui/doc/images/CredentialsManagement.png b/core/ui/doc/images/CredentialsManagement.png
deleted file mode 100644
index 0828b9ec63..0000000000
Binary files a/core/ui/doc/images/CredentialsManagement.png and /dev/null differ
diff --git a/core/ui/doc/images/CredentialsManagement_Empty.png b/core/ui/doc/images/CredentialsManagement_Empty.png
deleted file mode 100644
index 1f36f43bc6..0000000000
Binary files a/core/ui/doc/images/CredentialsManagement_Empty.png and /dev/null differ
diff --git a/core/ui/doc/index.rst b/core/ui/doc/index.rst
index 6e62491bda..c4867ff96b 100644
--- a/core/ui/doc/index.rst
+++ b/core/ui/doc/index.rst
@@ -22,29 +22,3 @@ PV List
 Opened from the ``Applications``, ``Debug`` menu,
 the PV List panel lists all active PVs,
 their connection state and the reference count.
-
-Credentials Management
-======================
-
-Some applications may need to prompt the user for credentials, e.g. when interacting with a protected
-remote service. One such example would be the electronic logbook.
-
-Further, Phoebus may be configured to store the credentials entered by the user to avoid repeated prompts.
-In order to also support an explicit logout capability, the Credentials Management application offers means to
-remove stored credentials.
-
-In some cases an explicit login procedure can be useful, e.g. login to service for the purpose of storing
-user credentials and thereby support automated creation of logbook entries.
-
-The application is launched using the dedicated button in the (bottom) status bar.
-
-The below screen shot shows an example where credentials have been stored for the "logbook" scope,
-plus an option to login to the "<remote service>" scope. User may also choose to "logout" from all scopes,
-i.e. to remove all stored credentials.
-
-.. image:: images/CredentialsManagement.png
-
-If no credentials are stored in the credentials store, and if no services supporting authentication have been configured,
-the Credentials Management UI will show a static message:
-
-.. image:: images/CredentialsManagement_Empty.png
\ No newline at end of file
diff --git a/core/ui/src/main/resources/css/credentials-management-style.css b/core/ui/src/main/resources/css/credentials-management-style.css
deleted file mode 100644
index 5f318d1728..0000000000
--- a/core/ui/src/main/resources/css/credentials-management-style.css
+++ /dev/null
@@ -1,20 +0,0 @@
-.text-field-styling{
-     -fx-padding: 5px 3px 3px 3px;
-     -fx-border-insets: 5px 3px 3px 3px;
-     -fx-background-insets: 5px 3px 3px 3px;
-     -fx-border-color: #cdcdcd;
-     -fx-border-radius: 3px;
-}
-
-.table-view .table-column{
-    -fx-alignment:center;
-}
-
-.table-view .table-cell{
-    -fx-font-weight: bold;
-    -fx-font-size: 14px;
-}
-
-.button-style{
-    -fx-pref-width: 100px;
-}
diff --git a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/AuthenticationController.java b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/AuthenticationController.java
index a726acfb27..54f99d5c4c 100644
--- a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/AuthenticationController.java
+++ b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/AuthenticationController.java
@@ -20,7 +20,6 @@
 package org.phoebus.service.saveandrestore.web.controllers;
 
 import org.phoebus.applications.saveandrestore.model.LoginCredentials;
-import org.phoebus.applications.saveandrestore.model.UserData;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -28,15 +27,12 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import java.util.stream.Collectors;
 
 /**
  * Controller class for user authentication endpoints.
@@ -52,25 +48,18 @@ public class AuthenticationController extends BaseController {
      * Authenticates user.
      *
      * @param loginCredentials User's credentials
-     * @return A {@link ResponseEntity} carrying a {@link UserData} object if the login was successful,
-     * otherwise the body will be <code>null</code>.
+     * @return A {@link ResponseEntity} indicating the outcome, e.g. OK (200) or UNAUTHORIZED (401)
      */
     @PostMapping(value = "login")
-    public ResponseEntity<UserData> login(@RequestBody LoginCredentials loginCredentials) {
+    public ResponseEntity<Void> login(@RequestBody LoginCredentials loginCredentials) {
         Authentication authentication =
                 new UsernamePasswordAuthenticationToken(loginCredentials.username(), loginCredentials.password());
         try {
-            authentication = authenticationManager.authenticate(authentication);
+            authenticationManager.authenticate(authentication);
         } catch (AuthenticationException e) {
             Logger.getLogger(AuthenticationController.class.getName()).log(Level.WARNING, "Unable to authenticate user " + loginCredentials.username());
-            return new ResponseEntity<>(
-                    null,
-                    HttpStatus.UNAUTHORIZED);
+            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
         }
-        List<String> roles = authentication.getAuthorities().stream()
-                .map(GrantedAuthority::getAuthority).collect(Collectors.toList());
-        return new ResponseEntity<>(
-                new UserData(loginCredentials.username(), roles),
-                HttpStatus.OK);
+        return new ResponseEntity<>(HttpStatus.OK);
     }
 }