diff --git a/apps/emqx_authn/src/emqx_authn.erl b/apps/emqx_authn/src/emqx_authn.erl
index 27f3eab10..0f734fb30 100644
--- a/apps/emqx_authn/src/emqx_authn.erl
+++ b/apps/emqx_authn/src/emqx_authn.erl
@@ -20,6 +20,7 @@
 
 -export([ enable/0
         , disable/0
+        , is_enabled/0
         ]).
 
 -export([authenticate/2]).
@@ -84,6 +85,14 @@ disable() ->
     emqx:unhook('client.authenticate', {?MODULE, authenticate, []}),
     ok.
 
+is_enabled() ->
+    Callbacks = emqx_hooks:lookup('client.authenticate'),
+    lists:any(fun({callback, {?MODULE, authenticate, []}, _, _}) ->
+                  true;
+                 (_) ->
+                  false
+              end, Callbacks).
+
 authenticate(Credential, _AuthResult) ->
     case mnesia:dirty_read(?CHAIN_TAB, ?CHAIN) of
         [#chain{authenticators = Authenticators}] ->
diff --git a/apps/emqx_authn/src/emqx_authn_api.erl b/apps/emqx_authn/src/emqx_authn_api.erl
index fe53629de..63c536d5e 100644
--- a/apps/emqx_authn/src/emqx_authn_api.erl
+++ b/apps/emqx_authn/src/emqx_authn_api.erl
@@ -131,6 +131,27 @@ authentication_api() ->
                 },
                 <<"400">> => ?ERR_RESPONSE(<<"Bad Request">>)
             }
+        },
+        get => #{
+            description => "Get status of authentication",
+            responses => #{
+                <<"200">> => #{
+                    description => <<"OK">>,
+                    content => #{
+                        'application/json' => #{
+                            schema => #{
+                                type => object,
+                                properties => #{
+                                    enabled => #{
+                                        type => boolean,
+                                        example => true
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
         }
     },
     {"/authentication", Metadata, authentication}.
@@ -1153,7 +1174,10 @@ authentication(post, Request) ->
             serialize_error({invalid_parameter, enable});
         _ ->
             serialize_error({missing_parameter, enable})
-    end.
+    end;
+authentication(get, _Request) ->
+    Enabled = emqx_authn:is_enabled(),
+    {200, #{enabled => Enabled}}.
 
 authenticators(post, Request) ->
     {ok, Body, _} = cowboy_req:read_body(Request),
diff --git a/apps/emqx_authn/test/emqx_authn_SUITE.erl b/apps/emqx_authn/test/emqx_authn_SUITE.erl
index 36b0eabf3..92e506d51 100644
--- a/apps/emqx_authn/test/emqx_authn_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_SUITE.erl
@@ -101,5 +101,7 @@ t_authenticate(_) ->
                    username => <<"myuser">>,
 			       password => <<"mypass">>},
     ?assertEqual(ok, emqx_access_control:authenticate(ClientInfo)),
+    ?assertEqual(false, emqx_authn:is_enabled()),
     emqx_authn:enable(),
+    ?assertEqual(true, emqx_authn:is_enabled()),
     ?assertEqual({error, not_authorized}, emqx_access_control:authenticate(ClientInfo)).