diff --git a/src/Maker/MakeAuthenticator.php b/src/Maker/MakeAuthenticator.php index 68abfc096..df2c7bcf5 100644 --- a/src/Maker/MakeAuthenticator.php +++ b/src/Maker/MakeAuthenticator.php @@ -226,7 +226,8 @@ public function generate(InputInterface $input, ConsoleStyle $io, Generator $gen $entryPoint, $input->getArgument('authenticator-class'), $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false, - $this->useSecurity52 + $this->useSecurity52, + self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type') ); $generator->dumpFile($path, $newYaml); $securityYamlUpdated = true; diff --git a/src/Security/SecurityConfigUpdater.php b/src/Security/SecurityConfigUpdater.php index 8355df15c..96ba1b11f 100644 --- a/src/Security/SecurityConfigUpdater.php +++ b/src/Security/SecurityConfigUpdater.php @@ -59,7 +59,7 @@ public function updateForUserClass(string $yamlSource, UserClassConfiguration $u return $contents; } - public function updateForAuthenticator(string $yamlSource, string $firewallName, $chosenEntryPoint, string $authenticatorClass, bool $logoutSetup, bool $useSecurity52): string + public function updateForAuthenticator(string $yamlSource, string $firewallName, $chosenEntryPoint, string $authenticatorClass, bool $logoutSetup, bool $useSecurity52, bool $addAccessControlRule = false): string { $this->manipulator = new YamlSourceManipulator($yamlSource); 
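Review bot: The new seventh argument is an unnamed boolean both at the call in generate() and in the updateForAuthenticator() signature, which now ends in three positional bools with no docblock, so a swapped argument would pass the type checks unnoticed. At the call site, name the expression first, e.g. `$isFormLogin = self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type');`, and pass `$isFormLogin`. On the method, add a docblock line such as `@param bool $addAccessControlRule prepend a "^/login$" access_control rule unless a rule whose path starts with "^/login" already exists`. Both function bodies continue outside these hunks.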
@@ -134,6 +134,20 @@ public function updateForAuthenticator(string $yamlSource, string $firewallName, $newData['security']['firewalls'][$firewallName] = $firewall; + $accessControlRules = $newData['security']['access_control'] ?? []; + + foreach ($accessControlRules as $rule) { + if (0 === strpos($rule['path'], '^/login')) { + $addAccessControlRule = false; + break; + } + } + + if ($addAccessControlRule) { + array_unshift($accessControlRules, ['path' => '^/login$', 'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY']); + $newData['security']['access_control'] = $accessControlRules; + } + $this->manipulator->setData($newData); return $this->manipulator->getContents(); diff --git a/tests/Security/SecurityConfigUpdaterTest.php b/tests/Security/SecurityConfigUpdaterTest.php index 05e43cc9e..d27013d75 100644 --- a/tests/Security/SecurityConfigUpdaterTest.php +++ b/tests/Security/SecurityConfigUpdaterTest.php 
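Review bot: `$rule['path']` is read for every existing access_control entry in the added foreach, but Symfony does not require a rule to have a `path` key (a rule can match on host, IPs or methods alone), so such a config raises an undefined-index notice and hands null to strpos(); guard it with `if (isset($rule['path']) && 0 === strpos($rule['path'], '^/login')) {`. Separately, the inserted rule always uses `IS_AUTHENTICATED_ANONYMOUSLY` even though `$useSecurity52` is available in this method. As far as I know the authenticator-manager system has no anonymous token and expects `PUBLIC_ACCESS` for public paths, so it is worth confirming that the rule actually opens /login in that mode. The method body starts outside this hunk.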
@@ -100,13 +100,13 @@ public function getUserClassTests() /** * @dataProvider getAuthenticatorTests */ - public function testUpdateForAuthenticator(string $firewallName, $entryPoint, string $expectedSourceFilename, string $startingSourceFilename, bool $logoutSetup, bool $useSecurity51) + public function testUpdateForAuthenticator(string $firewallName, $entryPoint, string $expectedSourceFilename, string $startingSourceFilename, bool $logoutSetup, bool $useSecurity51, bool $addAccessControl = false) { $this->createLogger(); $updater = new SecurityConfigUpdater($this->ysmLogger); $source = file_get_contents(__DIR__.'/yaml_fixtures/source/'.$startingSourceFilename); - $actualSource = $updater->updateForAuthenticator($source, $firewallName, $entryPoint, 'App\\Security\\AppCustomAuthenticator', $logoutSetup, $useSecurity51); + $actualSource = $updater->updateForAuthenticator($source, $firewallName, $entryPoint, 'App\\Security\\AppCustomAuthenticator', $logoutSetup, $useSecurity51, $addAccessControl); $expectedSource = file_get_contents(__DIR__.'/yaml_fixtures/expected_authenticator/'.$expectedSourceFilename); $this->assertSame($expectedSource, $actualSource); @@ -185,6 +185,26 @@ public function getAuthenticatorTests() false, true, ]; + + yield 'simple_security_with_access_control' => [ + 'main', + null, + 'simple_security_with_access_control.yaml', + 'simple_security_with_access_control.yaml', + false, + false, + true, + ]; + + yield 'simple_security_without_access_control' => [ + 'main', + null, + 'simple_security_with_added_access_control.yaml', + 'simple_security.yaml', + false, + false, + true, + ]; } private function createLogger(): void diff --git a/tests/Security/yaml_fixtures/expected_authenticator/simple_security_with_access_control.yaml b/tests/Security/yaml_fixtures/expected_authenticator/simple_security_with_access_control.yaml new file mode 100644 index 000000000..5c74c4135 --- /dev/null 
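Review bot: The two added provider cases cover only a config with no access_control and one that already holds the exact `^/login$` rule, so the branch where ordering matters is untested: an existing list without a login rule, where the new entry must land first because only the first matching rule applies. Add a case whose source fixture has, for example, a `^/admin` rule and whose expected fixture shows `^/login$` above it, plus one with a rule that has no `path` key. Neither new case sets `$useSecurity51` to true together with `$addAccessControl`, so that combination is not pinned either.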
+++ b/tests/Security/yaml_fixtures/expected_authenticator/simple_security_with_access_control.yaml
@@ -0,0 +1,18 @@
+security:
+ # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+ providers:
+ in_memory: { memory: ~ }
+
+ firewalls:
+ dev: ~
+ main:
+ anonymous: lazy
+ guard:
+ authenticators:
+ - App\Security\AppCustomAuthenticator
+
+
+ # Easy way to control access for large sections of your site
+ # Note: Only the *first* access control that matches will be used
+ access_control:
+ - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
diff --git a/tests/Security/yaml_fixtures/expected_authenticator/simple_security_with_added_access_control.yaml b/tests/Security/yaml_fixtures/expected_authenticator/simple_security_with_added_access_control.yaml
new file mode 100644
index 000000000..1b56e5c4b
--- /dev/null
+++ b/tests/Security/yaml_fixtures/expected_authenticator/simple_security_with_added_access_control.yaml
@@ -0,0 +1,16 @@
+security:
+ # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+ providers:
+ in_memory: { memory: ~ }
+
+ firewalls:
+ dev: ~
+ main:
+ anonymous: lazy
+ guard:
+ authenticators:
+ - App\Security\AppCustomAuthenticator
+ access_control:
+ -
+ path: ^/login$
+ roles: IS_AUTHENTICATED_ANONYMOUSLY
diff --git a/tests/Security/yaml_fixtures/source/simple_security_with_access_control.yaml b/tests/Security/yaml_fixtures/source/simple_security_with_access_control.yaml
new file mode 100644
index 000000000..09738e204
--- /dev/null
+++ b/tests/Security/yaml_fixtures/source/simple_security_with_access_control.yaml
@@ -0,0 +1,13 @@
+security:
+ # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+ providers:
+ in_memory: { memory: ~ }
+
+ firewalls:
+ dev: ~
+ main: ~
+
+ # Easy way to control access for large sections of your site
+ # Note: Only the *first* access control that matches will be used
+ access_control:
+ - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }