diff --git a/docs/reference/security/authentication/configuring-pki-realm.asciidoc b/docs/reference/security/authentication/configuring-pki-realm.asciidoc
index 499113989be14..428e6f73fb239 100644
--- a/docs/reference/security/authentication/configuring-pki-realm.asciidoc
+++ b/docs/reference/security/authentication/configuring-pki-realm.asciidoc
@@ -37,7 +37,7 @@ realms you specify are used for authentication. If you also want to use the
 
 --
 
-. Optional: The username (as defined by the username_pattern) is used for auditing and logging.
+. Optional: The username is defined by the <<ref-pki-settings, username_pattern>>.
 If you want to use something other than the CN of the Subject DN as
 the username, you can specify a regex to extract the desired username. The regex
 is applied on the Subject DN.
diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc
index 494dc428a295b..6a60a8a6703fe 100644
--- a/docs/reference/settings/security-settings.asciidoc
+++ b/docs/reference/settings/security-settings.asciidoc
@@ -1015,7 +1015,8 @@ the following settings:
 `username_pattern`::
 (<<static-cluster-setting,Static>>)
 The regular expression pattern used to extract the username from the
-certificate DN. The username is used for auditing and logging (not role mapping).
+certificate DN. The username is used for auditing and logging. The username can also be used
+with the <<role-mapping-resources, role mapping API>> and <<configuring-authorization-delegation, authorization delegation>>.
 The first match group is the used as the username.
 Defaults to `CN=(.*?)(?:,|$)`.