diff --git a/docs/configuration.rst b/docs/configuration.rst index 7ffab20d7..48b09213d 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -191,6 +191,16 @@ PAPERLESS_ENABLE_HTTP_REMOTE_USER= Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications. + .. warning:: + + This will allow authentication by simply adding a ``Remote-User: `` header + to a request. Use with care! You especially *must* ensure that any such header is not + passed from your proxy server to paperless. + + If you're exposing paperless to the internet directly, do not use this. + + Also see the warning `in the official documentation `. + Defaults to `false` which disables this feature. PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=
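Review bot: In the added warning, the sentence "You especially *must* ensure that any such header is not passed from your proxy server to paperless" is ambiguous, because with this feature enabled the proxy is also the component expected to supply the header after it has authenticated the user. Say explicitly that the proxy must strip or overwrite any client-supplied copy of the header before forwarding, and that paperless must only be reachable through that proxy, which also covers the "exposing paperless to the internet directly" paragraph. Since the next setting in the context lines, PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME, makes the header name configurable, the warning should refer to the configured header rather than only ``Remote-User``. Two smaller points: the literal ``Remote-User: `` ends without a value placeholder, and the closing reference `in the official documentation ` has no link target and no trailing underscore, so it will not render as a hyperlink in reST.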