diff --git a/core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java
index 99237ee23f..406ded3ac1 100755
--- a/core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java
@@ -20,6 +20,8 @@ public class CredentialRepresentation {
     protected String hashedSaltedValue;
     protected String salt;
     protected Integer hashIterations;
+    // only used when updating a credential.  Might set required action
+    protected boolean temporary;
 
     public String getType() {
         return type;
@@ -68,4 +70,12 @@ public class CredentialRepresentation {
     public void setHashIterations(Integer hashIterations) {
         this.hashIterations = hashIterations;
     }
+
+    public boolean isTemporary() {
+        return temporary;
+    }
+
+    public void setTemporary(boolean temporary) {
+        this.temporary = temporary;
+    }
 }
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/users.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/users.js
index 52a933f90a..c4f7375dcd 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/users.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/users.js
@@ -267,7 +267,7 @@ module.controller('UserCredentialsCtrl', function($scope, realm, user, User, Use
         $scope.isTotp = user.totp;
     }
 
-    $scope.resetPassword = function() {
+    $scope.resetPassword = function(temporary) {
         if ($scope.pwdChange) {
             if ($scope.password != $scope.confirmPassword) {
                 Notifications.error("Password and confirmation does not match.");
@@ -275,8 +275,15 @@ module.controller('UserCredentialsCtrl', function($scope, realm, user, User, Use
             }
         }
 
-        Dialog.confirm('Reset password', 'Are you sure you want to reset the users password?', function() {
-            UserCredentials.resetPassword({ realm: realm.realm, userId: user.username }, { type : "password", value : $scope.password }, function() {
+        var msgTitle = 'Change password';
+        var msg = 'Are you sure you want to change the users password?';
+        if (temporary) {
+            msgTitle = 'Reset password';
+            msg = 'Are you sure you want to reset the users password?';
+        }
+
+        Dialog.confirm(msgTitle, msg, function() {
+            UserCredentials.resetPassword({ realm: realm.realm, userId: user.username }, { type : "password", value : $scope.password, temporary: temporary }, function() {
                 Notifications.success("The password has been reset");
                 $scope.password = null;
                 $scope.confirmPassword = null;
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-claims.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-claims.html
index 0bea3618ad..a29215ac58 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-claims.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-claims.html
@@ -12,7 +12,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2 data-ng-hide="create"><span>{{application.name}}</span> Allowed Claims</h2>
+        <h2 data-ng-hide="create"><span>{{application.name}}</span> Allowed Claims <span tooltip-placement="right" tooltip="Allows you to restrict which claim information is stored in the access token generated for the application." class="pficon pficon-help"></span></h2>
         <form class="form-horizontal" name="claimForm">
             <div data-ng-include data-src="'partials/claims.html'"></div>
             <div class="pull-right form-actions" data-ng-show="access.manageApplications">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-detail.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-detail.html
index 517556a281..741f53f733 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-detail.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-detail.html
@@ -32,13 +32,14 @@
                 </div>
                 <div class="form-group clearfix block">
                     <label class="col-sm-2 control-label" for="enabled">Enabled</label>
-                    <div class="col-sm-4">
+                    <div class="col-sm-6">
                         <input ng-model="application.enabled" name="enabled" id="enabled" onoffswitch />
                     </div>
+                    <span tooltip-placement="right" tooltip="Disabled applications cannot initiate a login or have obtain access tokens." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group">
                     <label class="col-sm-2 control-label" for="accessType">Access Type</label>
-                    <div class="col-sm-4">
+                    <div class="col-sm-6">
                         <div class="select-kc">
                             <select id="accessType"
                                     ng-change="changeAccessType()"
@@ -47,6 +48,7 @@
                             </select>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="'Confidential' applications require a secret to initiate login protocol.  'Public' clients do not require a secret.  'Bearer-only' applications are web services that never initiate a login." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" data-ng-show="!application.bearerOnly">
                     <label class="col-sm-2 control-label" for="newRedirectUri">Redirect URI <span class="required" data-ng-show="create">*</span></label>
@@ -70,6 +72,7 @@
                             </span>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Valid URI pattern a browser can redirect to after a successful login or logout.  Simple wildcards are allowed i.e. 'http://example.com/*'.  Relative path can be specified too i.e. /my/relative/path/*.  Relative paths will generate a redirect URI using the request's host and port." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" data-ng-show="!application.bearerOnly && !create">
                     <label class="col-sm-2 control-label" for="baseUrl">Base URL</label>
@@ -77,6 +80,7 @@
                         <input class="form-control" type="text" name="baseUrl" id="baseUrl"
                                data-ng-model="application.baseUrl">
                     </div>
+                    <span tooltip-placement="right" tooltip="Optional URL to use when linking to this application. i.e. the welcome page." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" data-ng-hide="create">
                     <label class="col-sm-2 control-label" for="adminUrl">Admin URL</label>
@@ -84,6 +88,7 @@
                         <input class="form-control" type="text" name="adminUrl" id="adminUrl"
                                data-ng-model="application.adminUrl">
                     </div>
+                    <span tooltip-placement="right" tooltip="URL to the admin interface of the application.  Set this if the application supports the adapter REST API.  This REST API allows the auth server to push revocation policies and other adminstrative tasks.  Usually this is set to the base URL of the application." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" data-ng-show="!application.bearerOnly && !create">
                     <label class="col-sm-2 control-label" for="newWebOrigin">Web Origin</label>
@@ -107,6 +112,7 @@
                             </span>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Allowed CORS origins.  Only useful if the client adapter has CORS processing enabled." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
 
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-installation.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-installation.html
index 7a32fea681..4187bf963d 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-installation.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-installation.html
@@ -14,7 +14,7 @@
     <h2></h2>
 
     <div id="content">
-        <h2><span>{{application.name}}</span> Installation</h2>
+        <h2><span>{{application.name}}</span> Installation <span tooltip-placement="right" tooltip="Helper utility for generating various client adapter configuration formats which you can download or cut and paste to configure your client applications." class="pficon pficon-help"></span></h2>
         <form class="form-horizontal" name="realmForm" novalidate>
             <fieldset class="border-top">
                 <div class="form-group input-select">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-list.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-list.html
index 892e4b87a6..37cb2ab557 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-list.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-list.html
@@ -5,7 +5,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2><span>{{realm.realm}}</span> Applications</h2>
+        <h2><span>{{realm.realm}}</span> Applications  <span tooltip-placement="right" tooltip="Applications are trusted browser apps and web services in a realm.  These applications can request a login. You can also define application specific roles." class="pficon pficon-help"></span></h2>
         <table class="table table-striped table-bordered">
             <thead>
             <tr>
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-revocation.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-revocation.html
index 3353a93845..9670154138 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-revocation.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-revocation.html
@@ -20,6 +20,7 @@
                     <div class="col-sm-4">
                         <input ng-disabled="true" class="form-control" type="text" id="notBefore" name="notBefore" data-ng-model="notBefore" autofocus>
                     </div>
+                    <span tooltip-placement="right" tooltip="Revoke any tokens issued before this date for this application." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
             <div class="pull-right form-actions" data-ng-show="access.manageApplications">
@@ -27,7 +28,7 @@
                 </button>
                 <button type="submit" data-ng-click="setNotBeforeNow()" class="btn btn-primary btn-lg">Set To Now
                 </button>
-                <button type="submit" data-ng-click="pushRevocation()" class="btn btn-primary btn-lg">Push
+                <button type="submit" data-ng-click="pushRevocation()" class="btn btn-primary btn-lg" tooltip="If admin URL is configured for this application, push this policy to that application." tooltip-placement="bottom">Push
                 </button>
             </div>
         </form>
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-role-list.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-role-list.html
index 128729e949..bca7267321 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-role-list.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-role-list.html
@@ -13,7 +13,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2><span>{{application.name}}</span> Roles</h2>
+        <h2><span>{{application.name}}</span> Application Roles</h2>
         <table class="table table-striped table-bordered">
             <thead>
             <tr>
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-scope-mappings.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-scope-mappings.html
index f466b9b5c2..1aca4f46a0 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-scope-mappings.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-scope-mappings.html
@@ -13,7 +13,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2><span>{{application.name}}</span> Scope Mappings</h2>
+        <h2><span>{{application.name}}</span> Scope Mappings <span tooltip-placement="right" tooltip="Scope mappings allow you to restrict which user role mappings are included within the access token requested by the application." class="pficon pficon-help"></span></h2>
         <p class="subtitle"></p>
         <form class="form-horizontal" name="allowScope" novalidate kc-read-only="!access.manageApplications">
             <fieldset class="border-top">
@@ -22,17 +22,18 @@
                     <div class="col-sm-4">
                         <input ng-model="application.fullScopeAllowed" ng-click="changeFullScopeAllowed()" name="fullScopeAllowed" id="fullScopeAllowed" onoffswitch />
                     </div>
+                    <span tooltip-placement="right" tooltip="Allows you to disable all restrictions." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
         </form>
 
         <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageApplications" data-ng-show="!application.fullScopeAllowed">
             <fieldset>
-                <legend><span class="text">Realm Roles</span></legend>
+                <legend><span class="text">Realm Roles</span>  <span tooltip-placement="right" tooltip="Realm level roles assigned to scope." class="pficon pficon-help"></span></legend>
                 <div class="form-group col-sm-10">
                     <div class="controls changing-selectors">
                         <div class="select-title">
-                            <label class="control-label" for="available">Available Roles</label>
+                            <label class="control-label" for="available">Available Roles  <span tooltip-placement="right" tooltip="Realm level roles that can be assigned to scope." class="pficon pficon-help"></span></label>
                             <select id="available" class="form-control" multiple size="5"
                                     ng-multiple="true"
                                     ng-model="selectedRealmRoles"
@@ -41,14 +42,14 @@
                         </div>
                         <div class="middle-buttons kc-vertical">
                             <button class="btn btn-default" type="submit" ng-click="addRealmRole()" tooltip="Move right" tooltip-placement="right">
-                                <span class="kc-icon-arrow-right">Move right</span>
+                                <span class="kc-icon-arrow-right">Assign role</span>
                             </button>
                             <button class="btn btn-default" type="submit" ng-click="deleteRealmRole()" tooltip="Move left" tooltip-placement="left">
-                                <span class="kc-icon-arrow-left">Move left</span>
+                                <span class="kc-icon-arrow-left">Unassign role</span>
                             </button>
                         </div>
                         <div class="select-title">
-                            <label class="control-label" for="assigned">Assigned Roles</label>
+                            <label class="control-label" for="assigned">Assigned Roles  <span tooltip-placement="right" tooltip="Realm level roles assigned to scope." class="pficon pficon-help"></span></label>
                             <select id="assigned" class="form-control" multiple size=5
                                     ng-multiple="true"
                                     ng-model="selectedRealmMappings"
@@ -59,7 +60,7 @@
                             -
                         </div>
                         <div class="select-title">
-                            <label class="control-label" for="realm-composite">Effective Roles</label>
+                            <label class="control-label" for="realm-composite">Effective Roles  <span tooltip-placement="right" tooltip="Assigned realm level roles that may have been inherited from a composite role." class="pficon pficon-help"></span></label>
                             <select id="realm-composite" class="form-control" multiple size=5
                                     ng-disabled="true"
                                     ng-model="dummymodel"
@@ -83,11 +84,12 @@
                             </div>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Select an application to view or modify additional roles to assign." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" ng-show="targetApp">
                     <div class="controls changing-selectors col-sm-10">
                         <div class="select-title">
-                            <label class="control-label" for="app-available">Available Roles</label>
+                            <label class="control-label" for="app-available">Available Roles  <span tooltip-placement="right" tooltip="Application roles available to be assigned." class="pficon pficon-help"></span></label>
                             <select id="app-available" class="form-control" multiple size="5"
                                     ng-multiple="true"
                                     ng-model="selectedApplicationRoles"
@@ -95,15 +97,15 @@
                             </select>
                         </div>
                         <div class="middle-buttons kc-vertical">
-                            <button class="btn btn-default" type="submit" ng-click="addApplicationRole()" tooltip="Move right" tooltip-placement="right">
+                            <button class="btn btn-default" type="submit" ng-click="addApplicationRole()" tooltip="Assign role" tooltip-placement="right">
                                 <span class="kc-icon-arrow-right">Move right</span>
                             </button>
-                            <button class="btn btn-default" type="submit" ng-click="deleteApplicationRole()" tooltip="Move left" tooltip-placement="left">
+                            <button class="btn btn-default" type="submit" ng-click="deleteApplicationRole()" tooltip="Unassign role" tooltip-placement="left">
                                 <span class="kc-icon-arrow-left">Move left</span>
                             </button>
                         </div>
                         <div class="select-title">
-                            <label class="control-label" for="app-assigned">Assigned Roles</label>
+                            <label class="control-label" for="app-assigned">Assigned Roles  <span tooltip-placement="right" tooltip="Assigned application roles." class="pficon pficon-help"></span></label>
                             <select id="app-assigned" class="form-control" multiple size=5
                                     ng-multiple="true"
                                     ng-model="selectedApplicationMappings"
@@ -114,7 +116,7 @@
                             -
                         </div>
                         <div class="select-title">
-                            <label class="control-label" for="app-composite">Effective Roles</label>
+                            <label class="control-label" for="app-composite">Effective Roles  <span tooltip-placement="right" tooltip="Assigned application roles that may have been inherited from a composite role." class="pficon pficon-help"></span></label>
                             <select id="app-composite" class="form-control" multiple size=5
                                     ng-disabled="true"
                                     ng-model="dummymodel"
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-sessions.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-sessions.html
index 6890c5f21b..8403f57ed0 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-sessions.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-sessions.html
@@ -12,7 +12,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2><span>{{application.name}}</span> Sessions</h2>
+        <h2><span>{{application.name}}</span> Sessions  <span tooltip-placement="right" tooltip="View active sessions for this application.  Allows you to see which users are active and when they logged in." class="pficon pficon-help"></span></h2>
         <form class="form-horizontal" name="sessionStats">
             <fieldset class="border-top">
                 <div class="form-group">
@@ -20,15 +20,16 @@
                     <div class="col-sm-4">
                         <input class="form-control" type="text" id="activeSessions" name="activeSessions" data-ng-model="count" ng-disabled="true">
                     </div>
+                    <span tooltip-placement="right" tooltip="Total number of active user sessions for this application." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
         </form>
         <table class="table table-striped table-bordered" data-ng-show="count > 0">
             <thead>
-            <tr data-ng-hide="sessions">
+            <tr>
                 <th class="kc-table-actions" colspan="3">
                     <div class="pull-right">
-                        <a class="btn btn-primary" ng-click="loadUsers()">Show Sessions</a>
+                        <a class="btn btn-primary" ng-click="loadUsers()" tooltip-placement="left" tooltip="Warning, this is a potentially expensive operation depending on number of active sessions.">Show Sessions</a>
                     </div>
                 </th>
             </tr>
@@ -38,7 +39,7 @@
                 <th>Session Start</th>
             </tr>
             </thead>
-            <tfoot data-ng-show="sessions">
+            <tfoot data-ng-show="sessions && sessions.length > 5">
             <tr>
                 <td colspan="7">
                     <div class="table-nav">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-claims.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-claims.html
index 6bf63c414c..756a45159a 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-claims.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-claims.html
@@ -10,7 +10,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2 data-ng-hide="create"><span>{{oauth.name}}</span> Allowed Claims</h2>
+        <h2 data-ng-hide="create"><span>{{oauth.name}}</span> Allowed Claims <span tooltip-placement="right" tooltip="Allows you to restrict which claim information is stored in the access token generated for the application." class="pficon pficon-help"></span></h2>
         <form class="form-horizontal" name="claimForm">
             <div data-ng-include data-src="'partials/claims.html'"></div>
             <div class="pull-right form-actions" data-ng-show="access.manageClients">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-detail.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-detail.html
index 1cfd8bfba4..76167450eb 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-detail.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-detail.html
@@ -35,6 +35,7 @@
                     <div class="col-sm-4">
                         <input ng-model="oauth.enabled" name="enabled" id="enabled" onoffswitch />
                     </div>
+                    <span tooltip-placement="right" tooltip="Disabled oauth clients cannot obtain access tokens." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group">
                     <label class="col-sm-2 control-label" for="accessType">Access Type</label>
@@ -47,12 +48,14 @@
                             </select>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="'Confidential' oauth clients require a secret to initiate login protocol.  'Public' clients do not require a secret." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group clearfix block">
                     <label class="col-sm-2 control-label" for="directGrantsOnly">Direct Grants Only</label>
                     <div class="col-sm-4">
                         <input ng-model="oauth.directGrantsOnly" name="directGrantsOnly" id="directGrantsOnly" onoffswitch />
                     </div>
+                    <span tooltip-placement="right" tooltip="When enabled, client can only obtain grants from grant REST API." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" data-ng-hide="oauth.directGrantsOnly">
                     <label class="col-sm-2 control-label" for="newRedirectUri">Redirect URI <span class="required" data-ng-show="create">*</span></label>
@@ -76,6 +79,7 @@
                             </span>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Valid URI pattern a browser can redirect to after a successful login or logout.  Simple wildcards are allowed i.e. 'http://example.com/*'.  Relative path can be specified too i.e. /my/relative/path/*.  Relative paths will generate a redirect URI using the request's host and port." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" data-ng-hide="create">
                     <label class="col-sm-2 control-label" for="newWebOrigin">Web Origin</label>
@@ -99,6 +103,7 @@
                             </span>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Allowed CORS origins.  Only useful if the client adapter has CORS processing enabled." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
 
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-installation.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-installation.html
index 5e02fb972d..f20e8ba2e4 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-installation.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-installation.html
@@ -10,7 +10,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2>OAuth Client Installation</h2>
+        <h2>OAuth Client Installation <span tooltip-placement="right" tooltip="Helper utility for generating various client adapter configuration formats which you can download or cut and paste to configure your client applications." class="pficon pficon-help"></span></h2>
         <form class="form-horizontal" name="realmForm" novalidate>
             <fieldset>
                 <div class="form-group">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-list.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-list.html
index 06c8456105..a19323f4cf 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-list.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-list.html
@@ -5,7 +5,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2><span>{{realm.realm}}</span> OAuth Clients</h2>
+        <h2><span>{{realm.realm}}</span> OAuth Clients <span tooltip-placement="right" tooltip="OAuth clients are like applicatoins, but are only granted temporary access.  In browser apps, users will be queried to explicitly grant access." class="pficon pficon-help"></span></h2>
         <table class="table table-striped table-bordered">
             <thead>
             <tr>
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-revocation.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-revocation.html
index fbde66a855..16941d66b9 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-revocation.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-revocation.html
@@ -18,6 +18,7 @@
                     <div class="col-sm-4">
                         <input ng-disabled="true" class="form-control" type="text" id="notBefore" name="notBefore" data-ng-model="notBefore" autofocus>
                     </div>
+                    <span tooltip-placement="right" tooltip="Revoke any tokens issued before this date for this client." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
             <div class="pull-right form-actions" data-ng-show="access.manageApplications">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-scope-mappings.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-scope-mappings.html
index b49566c80e..707cc3d2f6 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-scope-mappings.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-scope-mappings.html
@@ -11,7 +11,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2><span>{{oauth.name}}</span> Scope Mappings</h2>
+        <h2><span>{{oauth.name}}</span> Scope Mappings <span tooltip-placement="right" tooltip="Scope mappings allow you to restrict which user role mappings are included within the access token requested by the client." class="pficon pficon-help"></span></h2>
         <p class="subtitle"></p>
         <form class="form-horizontal" name="allowScope" novalidate kc-read-only="!access.manageClients">
             <fieldset class="border-top">
@@ -20,16 +20,17 @@
                     <div class="col-sm-4">
                         <input ng-model="oauth.fullScopeAllowed" ng-click="changeFullScopeAllowed()" name="fullScopeAllowed" id="fullScopeAllowed" onoffswitch />
                     </div>
+                    <span tooltip-placement="right" tooltip="Allows you to disable all restrictions." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
         </form>
         <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageClients"  data-ng-show="!oauth.fullScopeAllowed">
             <fieldset>
-                <legend><span class="text">Realm Roles</span></legend>
+                <legend><span class="text">Realm Roles</span> <span tooltip-placement="right" tooltip="Realm level roles assigned to scope." class="pficon pficon-help"></span></legend>
                 <div class="form-group col-sm-10">
                     <div class="controls changing-selectors">
                         <div class="select-title">
-                            <label class="control-label" for="available">Available Roles</label>
+                            <label class="control-label" for="available">Available Roles <span tooltip-placement="right" tooltip="Realm level roles that can be assigned to scope." class="pficon pficon-help"></span></label>
                             <select id="available" class="form-control" multiple size="5"
                                     ng-multiple="true"
                                     ng-model="selectedRealmRoles"
@@ -37,15 +38,15 @@
                             </select>
                         </div>
                         <div class="middle-buttons kc-vertical">
-                            <button class="btn btn-default" type="submit" ng-click="addRealmRole()" tooltip="Move right" tooltip-placement="right">
-                                <span class="kc-icon-arrow-right">Move right</span>
+                            <button class="btn btn-default" type="submit" ng-click="addRealmRole()" tooltip="Assign role" tooltip-placement="right">
+                                <span class="kc-icon-arrow-right">Assign role</span>
                             </button>
-                            <button class="btn btn-default" type="submit" ng-click="deleteRealmRole()" tooltip="Move left" tooltip-placement="left">
-                                <span class="kc-icon-arrow-left">Move left</span>
+                            <button class="btn btn-default" type="submit" ng-click="deleteRealmRole()" tooltip="Unassign role" tooltip-placement="left">
+                                <span class="kc-icon-arrow-left">Unassign role</span>
                             </button>
                         </div>
                         <div class="select-title">
-                            <label class="control-label" for="assigned">Assigned Roles</label>
+                            <label class="control-label" for="assigned">Assigned Roles <span tooltip-placement="right" tooltip="Realm level roles assigned to scope." class="pficon pficon-help"></span></label>
                             <select id="assigned" class="form-control" multiple size=5
                                     ng-multiple="true"
                                     ng-model="selectedRealmMappings"
@@ -56,7 +57,7 @@
                             -
                         </div>
                         <div class="select-title">
-                            <label class="control-label" for="realm-composite">Effective Roles</label>
+                            <label class="control-label" for="realm-composite">Effective Roles <span tooltip-placement="right" tooltip="Assigned realm level roles that may have been inherited from a composite role." class="pficon pficon-help"></span></label>
                             <select id="realm-composite" class="form-control" multiple size=5
                                     ng-disabled="true"
                                     ng-model="dummymodel"
@@ -80,11 +81,12 @@
                             </div>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Select an application to view or modify additional roles to assign." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" data-ng-show="targetApp">
                     <div class="controls changing-selectors col-sm-10">
                         <div class="select-title">
-                            <label class="control-label" for="app-available">Available Roles</label>
+                            <label class="control-label" for="app-available">Available Roles <span tooltip-placement="right" tooltip="Application roles available to be assigned." class="pficon pficon-help"></span></label>
                             <select id="app-available" class="form-control" multiple size="5"
                                     ng-multiple="true"
                                     ng-model="selectedApplicationRoles"
@@ -92,15 +94,15 @@
                             </select>
                         </div>
                         <div class="middle-buttons kc-vertical">
-                            <button class="btn btn-default" type="submit" ng-click="addApplicationRole()" tooltip="Move right" tooltip-placement="right">
+                            <button class="btn btn-default" type="submit" ng-click="addApplicationRole()" tooltip="Assign role" tooltip-placement="right">
                                 <span class="kc-icon-arrow-right">Move right</span>
                             </button>
-                            <button class="btn btn-default" type="submit" ng-click="deleteApplicationRole()" tooltip="Move left" tooltip-placement="left">
+                            <button class="btn btn-default" type="submit" ng-click="deleteApplicationRole()" tooltip="Unassign role" tooltip-placement="left">
                                 <span class="kc-icon-arrow-left">Move left</span>
                             </button>
                         </div>
                         <div class="select-title">
-                            <label class="control-label" for="app-assigned">Assigned Roles</label>
+                            <label class="control-label" for="app-assigned">Assigned Roles <span tooltip-placement="right" tooltip="Assigned application roles." class="pficon pficon-help"></span></label>
                             <select id="app-assigned" class="form-control" multiple size=5
                                     ng-multiple="true"
                                     ng-model="selectedApplicationMappings"
@@ -111,7 +113,7 @@
                             -
                         </div>
                         <div class="select-title">
-                            <label class="control-label" for="app-composite">Effective Roles</label>
+                            <label class="control-label" for="app-composite">Effective Roles <span tooltip-placement="right" tooltip="Assigned application roles that may have been inherited from a composite role." class="pficon pficon-help"></span></label>
                             <select id="app-composite" class="form-control" multiple size=5
                                     ng-disabled="true"
                                     ng-model="dummymodel"
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-credentials.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-credentials.html
index 46b3c8d108..a5042406b2 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-credentials.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-credentials.html
@@ -7,7 +7,7 @@
         <h2><span>{{realm.realm}}</span> Credentials</h2>
         <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
             <fieldset class="border-top">
-                <legend><span class="text">Realm Credentials Settings</span></legend>
+                <legend><span class="text">Realm Credentials Settings</span>  <span tooltip-placement="right" tooltip="Credential types required for every user.  Changing this value may require the user to configure any new credentials the next time they log in." class="pficon pficon-help"></span></legend>
                 <div class="form-group">
                     <label class="col-sm-2 control-label" for="user" class="control-label two-lines">Required User Credentials</label>
 
@@ -17,7 +17,7 @@
                 </div>
             </fieldset>
             <fieldset class="border-top">
-                <legend><span class="text">Realm Password Policy</span> <span tooltip-placement="right" tooltip="Specify required password format.  How many times a password is hashed before it is stored in database can be set as well." class="pficon pficon-help"></span></legend>
+                <legend><span class="text">Realm Password Policy</span> <span tooltip-placement="right" tooltip="Specify required password format.  You can also set how many times a password is hashed before it is stored in database." class="pficon pficon-help"></span></legend>
                 <table class="table table-striped table-bordered">
                     <caption class="hidden">Table of Password Policies</caption>
                     <thead>
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html
index 74027d288b..a8af7dd7e1 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html
@@ -51,9 +51,9 @@
                                     <option value="" selected> Select an Application...</option>
                                 </select>
                             </div>
-                            <span tooltip-placement="right" tooltip="Select an application to view/modify assigned default roles." class="pficon pficon-help"></span>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Select an application to view/modify assigned default roles." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group" ng-show="application">
                     <div class="controls changing-selectors col-sm-10">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-keys.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-keys.html
index 38eda81b77..b56dcc4c7f 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-keys.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-keys.html
@@ -3,7 +3,7 @@
     <data-kc-navigation data-kc-current="keys" data-kc-realm="realm.realm" data-kc-social="realm.social"></data-kc-navigation>
     <h2></h2>
     <div id="content">
-        <h2><span>{{realm.realm}}</span> Realm Public Key <span tooltip-placement="right" tooltip="Public key for verifying signed tokens and other documents." class="pficon pficon-help"></span></h2>
+        <h2><span>{{realm.realm}}</span> Realm Public Key <span tooltip-placement="right" tooltip="Realm's public key.  This is used to verify any signed tokens or documents created by the realm." class="pficon pficon-help"></span></h2>
         <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
             <fieldset class="border-top">
                 <div class="form-group">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html
index 3e071ab9af..39768aac6c 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html
@@ -12,14 +12,14 @@
             <fieldset class="border-top">
                 <div class="form-group input-select">
                     <label class="col-sm-2 control-label" for="ssoSessionIdleTimeout">SSO Session Idle Timeout</label>
-                    <div class="col-sm-10">
+                    <div class="col-sm-5">
                         <div class="row">
-                            <div class="col-sm-2">
+                            <div class="col-sm-4">
                                 <input class="form-control" type="number" required min="1"
                                        max="31536000" data-ng-model="realm.ssoSessionIdleTimeout"
                                        id="ssoSessionIdleTimeout" name="ssoSessionIdleTimeout"/>
                             </div>
-                            <div class="col-sm-2 select-kc">
+                            <div class="col-sm-4 select-kc">
                                 <select name="ssoSessionIdleTimeoutUnit" data-ng-model="realm.ssoSessionIdleTimeoutUnit" >
                                     <option data-ng-selected="!realm.ssoSessionIdleTimeoutUnit">Seconds</option>
                                     <option>Minutes</option>
@@ -29,17 +29,18 @@
                             </div>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Time a session is allowed to be idle before it expires.  Tokens and browser sessions are invalidated when a session is expired." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group input-select">
                     <label class="col-sm-2 control-label" for="ssoSessionMaxLifespan">SSO Session Max Lifespan</label>
-                    <div class="col-sm-10">
+                    <div class="col-sm-5">
                         <div class="row">
-                            <div class="col-sm-2">
+                            <div class="col-sm-4">
                                 <input class="form-control" type="number" required min="1"
                                        max="31536000" data-ng-model="realm.ssoSessionMaxLifespan"
                                        id="ssoSessionMaxLifespan" name="ssoSessionMaxLifespan"/>
                             </div>
-                            <div class="col-sm-2 select-kc">
+                            <div class="col-sm-4 select-kc">
                                 <select name="ssoSessionMaxLifespanUnit" data-ng-model="realm.ssoSessionMaxLifespanUnit" >
                                     <option data-ng-selected="!realm.ssoSessionMaxLifespanUnit">Seconds</option>
                                     <option>Minutes</option>
@@ -49,17 +50,18 @@
                             </div>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Max time before a session is expired.  Tokens and browser sessions are invalidated when a session is expired." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group input-select">
                     <label class="col-sm-2 control-label" for="accessTokenLifespan">Access Token Lifespan</label>
-                    <div class="col-sm-10">
+                    <div class="col-sm-5">
                         <div class="row">
-                            <div class="col-sm-2">
+                            <div class="col-sm-4">
                                 <input class="form-control" type="number" required min="1"
                                        max="31536000" data-ng-model="realm.accessTokenLifespan"
                                        id="accessTokenLifespan" name="accessTokenLifespan"/>
                             </div>
-                            <div class="col-sm-2 select-kc">
+                            <div class="col-sm-4 select-kc">
                                 <select name="accessTokenLifespanUnit" data-ng-model="realm.accessTokenLifespanUnit" >
                                     <option data-ng-selected="!realm.accessTokenLifespanUnit">Seconds</option>
                                     <option>Minutes</option>
@@ -69,15 +71,16 @@
                             </div>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Max time before an access token is expired.  This value is recommended to be short relative to the SSO timeout." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group">
-                    <label class="col-sm-2 control-label" for="accessCodeLifespan">Access code lifespan</label>
-                    <div class="col-sm-10">
+                    <label class="col-sm-2 control-label" for="accessCodeLifespan">Client login timeout</label>
+                    <div class="col-sm-5">
                         <div class="row">
-                            <div class="col-sm-2">
+                            <div class="col-sm-4">
                                 <input class="form-control" type="number" required min="1" max="31536000" data-ng-model="realm.accessCodeLifespan" id="accessCodeLifespan" name="accessCodeLifespan">
                             </div>
-                            <div class="col-sm-2 select-kc">
+                            <div class="col-sm-4 select-kc">
                                 <select name="accessCodeLifespanUnit" data-ng-model="realm.accessCodeLifespanUnit">
                                     <option data-ng-selected="!realm.accessCodeLifespanUnit">Seconds</option>
                                     <option>Minutes</option>
@@ -87,15 +90,16 @@
                             </div>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Max time an application or oauth client has to finish the access token protocol.  This should normally be 1 minute." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group input-select">
-                    <label class="col-sm-2 control-label" for="accessCodeLifespanUserAction" class="two-lines">Access code user action lifespan</label>
-                    <div class="col-sm-10">
+                    <label class="col-sm-2 control-label" for="accessCodeLifespanUserAction" class="two-lines">Login user action lifespan</label>
+                    <div class="col-sm-5">
                         <div class="row">
-                            <div class="col-sm-2">
+                            <div class="col-sm-4">
                                 <input class="form-control" type="number" required min="1" max="31536000" data-ng-model="realm.accessCodeLifespanUserAction" id="accessCodeLifespanUserAction" name="accessCodeLifespanUserAction">
                             </div>
-                            <div class="col-sm-2 select-kc">
+                            <div class="col-sm-4 select-kc">
                                 <select name="accessCodeLifespanUserActionUnit" data-ng-model="realm.accessCodeLifespanUserActionUnit">
                                     <option data-ng-selected="!realm.accessCodeLifespanUserActionUnit">Seconds</option>
                                     <option>Minutes</option>
@@ -105,6 +109,7 @@
                             </div>
                         </div>
                     </div>
+                    <span tooltip-placement="right" tooltip="Max time a user has to complete a login and perform actions like update password or configure totp.  This is recommended to be relatively long.  5 minutes or more." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
             <div class="pull-right form-actions" data-ng-show="access.manageRealm">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-credentials.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-credentials.html
index 5bc8a64ec3..2a7656b3c8 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-credentials.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-credentials.html
@@ -18,24 +18,25 @@
                 <legend><span class="text">Credential Management</span></legend>
                 <div class="form-group">
                     <label class="col-sm-2 control-label" for="password">Reset password</label>
-                    <div class="col-sm-4 kc-multiline">
-                        <input class="form-control" type="password" id="password" name="password" data-ng-model="password" placeholder="Temporary password" required>
+                    <div class="col-sm-6 kc-multiline">
+                        <input class="form-control" type="password" id="password" name="password" data-ng-model="password" placeholder="New password" required>
                         <input class="form-control" type="password" id="confirmPassword" name="confirmPassword" data-ng-model="confirmPassword" placeholder="Password confirmation" required>
-                        <button class="btn btn-danger" type="submit" data-ng-click="resetPassword()" data-ng-show="password">Reset Password</button>
+                        <button class="btn btn-danger" type="submit" data-ng-click="resetPassword(true)" data-ng-show="password" tooltip="Temporary reset of password.  User will be asked to change it when they log in." tooltip-placement="left">Reset Password</button>
+                        <button class="btn btn-danger" type="submit" data-ng-click="resetPassword(false)" data-ng-show="password" tooltip="Change the password of the user." tooltip-placement="right">Change Password</button>
                     </div>
                 </div>
 
                 <div class="form-group" data-ng-show="user.email">
                     <label class="col-sm-2 control-label" for="password">Reset password email</label>
-                    <div class="col-sm-4">
-                        <button class="btn btn-danger" type="submit" data-ng-click="resetPasswordEmail()" >Send Email</button>
+                    <div class="col-sm-5">
+                        <button class="btn btn-danger" type="submit" data-ng-click="resetPasswordEmail()" tooltip="Send an email to user with a link to reset their password" tooltip-placement="right">Send Email</button>
                     </div>
                 </div>
 
                 <div class="form-group" data-ng-show="user.totp">
                     <label class="col-sm-2 control-label" for="password">Remove totp</label>
-                    <div class="col-sm-4" data-ng-show="user.totp">
-                        <button class="btn btn-danger"  type="submit" data-ng-click="removeTotp()">Remove TOTP</button>
+                    <div class="col-sm-5" data-ng-show="user.totp">
+                        <button class="btn btn-danger"  type="submit" data-ng-click="removeTotp()" tooltip="Remove one time password generator for user." tooltip-placement="right">Remove TOTP</button>
                     </div>
                 </div>
             </fieldset>
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-detail.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-detail.html
index de468c4bf2..7b1e10c5ce 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-detail.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-detail.html
@@ -23,14 +23,14 @@
             <fieldset class="border-top">
                 <div class="form-group">
                     <label class="col-sm-2 control-label"for="id">ID</label>
-                    <div class="col-sm-4">
+                    <div class="col-sm-5">
                         <input class="form-control" type="text" id="id" name="id" data-ng-model="user.id" autofocus data-ng-readonly="true">
                     </div>
                 </div>
 
                 <div class="form-group">
                     <label class="col-sm-2 control-label"for="username">Username <span class="required" data-ng-show="create">*</span></label>
-                    <div class="col-sm-4">
+                    <div class="col-sm-5">
                         <!-- Characters >,<,/,\ are forbidden in username -->
                         <input class="form-control" type="text" id="username" name="username" data-ng-model="user.username" autofocus
                                required ng-pattern="/^[^\<\>\\\/]*$/">
@@ -40,7 +40,7 @@
                 <div class="form-group">
                     <label class="col-sm-2 control-label" for="email">Email</label>
 
-                    <div class="col-sm-4">
+                    <div class="col-sm-5">
                         <input class="form-control" type="email" name="email" id="email"
                                data-ng-model="user.email">
                     </div>
@@ -48,7 +48,7 @@
                 <div class="form-group">
                     <label class="col-sm-2 control-label" for="firstName">First Name</label>
 
-                    <div class="col-sm-4">
+                    <div class="col-sm-5">
                         <input class="form-control" type="text" name="firstName" id="firstName"
                                data-ng-model="user.firstName">
                     </div>
@@ -56,7 +56,7 @@
                 <div class="form-group">
                     <label class="col-sm-2 control-label" for="lastName">Last Name</label>
 
-                    <div class="col-sm-4">
+                    <div class="col-sm-5">
                         <input class="form-control" type="text" name="lastName" id="lastName"
                                data-ng-model="user.lastName">
                     </div>
@@ -64,22 +64,23 @@
 
                 <div class="form-group clearfix block">
                     <label class="col-sm-2 control-label" for="userEnabled">User Enabled</label>
-                    <div class="col-sm-4">
+                    <div class="col-sm-5">
                         <input ng-model="user.enabled" name="userEnabled" id="userEnabled" onoffswitch />
                     </div>
                     <span tooltip-placement="right" tooltip="A disabled user cannot login." class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group clearfix block" data-ng-show="!create && user.federationLink">
                     <label class="col-sm-2 control-label" for="userEnabled">Federation Link</label>
-                    <div class="col-sm-4">
+                    <div class="col-sm-5">
                         <a href="{{federationLink}}">{{federationLinkName}}</a>
                     </div>
                 </div>
                 <div class="form-group clearfix block">
                     <label class="col-sm-2 control-label" for="emailVerified">Email verified</label>
-                    <div class="col-sm-4">
+                    <div class="col-sm-5">
                         <input ng-model="user.emailVerified" name="emailVerified" id="emailVerified" onoffswitch />
                     </div>
+                    <span tooltip-placement="right" tooltip="Has the user's email been verified?" class="pficon pficon-help"></span>
                 </div>
                 <div class="form-group clearfix">
                     <label class="col-sm-2 control-label" for="reqActions">Required User Actions</label>
@@ -89,7 +90,7 @@
                             <option ng-repeat="action in userReqActionList" value="{{action.id}}">{{action.text}}</option>
                         </select>
                     </div>
-                    <span tooltip-placement="right" tooltip="Require an action when the user logs in. 'Update profile' requires user to enter in new personal information.  'Update password' requires user to enter in a new password.  'Configure TOTP' requires setup of a mobile password generator." class="pficon pficon-help"></span>
+                    <span tooltip-placement="right" tooltip="Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address.  'Update profile' requires user to enter in new personal information.  'Update password' requires user to enter in a new password.  'Configure TOTP' requires setup of a mobile password generator." class="pficon pficon-help"></span>
                 </div>
             </fieldset>
             <div class="pull-right form-actions" data-ng-show="create && access.manageUsers">
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-list.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-list.html
index 376597a94e..a291b64e85 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-list.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/user-list.html
@@ -36,7 +36,7 @@
             </tr>
             </tr>
             </thead>
-            <tfoot data-ng-hide="!users || users.length == 0">
+            <tfoot data-ng-show="users && users.length > 5">
             <tr>
                 <td colspan="7">
                     <div class="table-nav">
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 278bc29736..628ef9a7c4 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -775,7 +775,7 @@ public class UsersResource {
 
         UserCredentialModel cred = RepresentationToModel.convertCredential(pass);
         session.users().updateCredential(realm, user, cred);
-        user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
+        if (pass.isTemporary()) user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
     }
 
     /**