diff --git a/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs b/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs
index be4c8923d7..ef1f213c89 100644
--- a/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs
+++ b/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs
@@ -153,10 +153,10 @@ namespace Umbraco.Web.Security.Identity
         /// <returns></returns>
         public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app, ApplicationContext appContext, PipelineStage stage)
         {
-            if (app == null) throw new ArgumentNullException("app");
-            if (appContext == null) throw new ArgumentNullException("appContext");
+            //Create the default options and provider
+            var authOptions = app.CreateUmbracoCookieAuthOptions();
 
-            var cookieAuthProvider = new BackOfficeCookieAuthenticationProvider
+            authOptions.Provider = new BackOfficeCookieAuthenticationProvider
             {
                 // Enables the application to validate the security stamp when the user 
                 // logs in. This is a security feature which is used when you 
@@ -166,20 +166,39 @@ namespace Umbraco.Web.Security.Identity
                         TimeSpan.FromMinutes(30),
                         (manager, user) => user.GenerateUserIdentityAsync(manager),
                         identity => identity.GetUserId<int>()),
+
             };
 
-            var authOptions = CreateCookieAuthOptions();
-            authOptions.Provider = cookieAuthProvider;
+            return app.UseUmbracoBackOfficeCookieAuthentication(appContext, authOptions, stage);
+        }
 
-            app.UseUmbracoBackOfficeCookieAuthentication(authOptions, appContext, stage);
+        /// <summary>
+        /// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
+        /// </summary>
+        /// <param name="app"></param>
+        /// <param name="appContext"></param>
+        /// <param name="cookieOptions">Custom auth cookie options can be specified to have more control over the cookie authentication logic</param>
+        /// <param name="stage">
+        /// Configurable pipeline stage
+        /// </param>
+        /// <returns></returns>
+        public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app, ApplicationContext appContext, CookieAuthenticationOptions cookieOptions, PipelineStage stage)
+        {
+            if (app == null) throw new ArgumentNullException("app");
+            if (appContext == null) throw new ArgumentNullException("appContext");
+            if (cookieOptions == null) throw new ArgumentNullException("cookieOptions");
+            if (cookieOptions.Provider == null) throw new ArgumentNullException("cookieOptions.Provider");
+            if ((cookieOptions.Provider is BackOfficeCookieAuthenticationProvider) == false) throw new ArgumentException("The cookieOptions.Provider must be of type " + typeof(BackOfficeCookieAuthenticationProvider));
+            
+            app.UseUmbracoBackOfficeCookieAuthenticationInternal(cookieOptions, appContext, stage);
 
-            //don't apply if app isnot ready
+            //don't apply if app is not ready
             if (appContext.IsUpgrading || appContext.IsConfigured)
             {
-                var getSecondsOptions = CreateCookieAuthOptions(
+                var getSecondsOptions = app.CreateUmbracoCookieAuthOptions(
                     //This defines the explicit path read cookies from for this middleware
                     new[] {string.Format("{0}/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds", GlobalSettings.Path)});
-                getSecondsOptions.Provider = cookieAuthProvider;
+                getSecondsOptions.Provider = cookieOptions.Provider;
 
                 //This is a custom middleware, we need to return the user's remaining logged in seconds
                 app.Use<GetUserSecondsMiddleWare>(
@@ -191,7 +210,7 @@ namespace Umbraco.Web.Security.Identity
             return app;
         }
 
-        internal static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app, CookieAuthenticationOptions options, ApplicationContext appContext, PipelineStage stage = PipelineStage.Authenticate)
+        private static void UseUmbracoBackOfficeCookieAuthenticationInternal(this IAppBuilder app, CookieAuthenticationOptions options, ApplicationContext appContext, PipelineStage stage)
         {
             if (app == null)
             {
@@ -209,9 +228,7 @@ namespace Umbraco.Web.Security.Identity
             }
 
             //Marks all of the above middlewares to execute on Authenticate
-            app.UseStageMarker(stage);
-
-            return app;
+            app.UseStageMarker(stage);            
         }
 
 
@@ -294,7 +311,7 @@ namespace Umbraco.Web.Security.Identity
             //don't apply if app isnot ready
             if (appContext.IsConfigured)
             {
-                var authOptions = CreateCookieAuthOptions();                
+                var authOptions = app.CreateUmbracoCookieAuthOptions();                
                 app.Use(typeof(PreviewAuthenticationMiddleware),  authOptions);
 
                 //This middleware must execute at least on PostAuthentication, by default it is on Authorize
@@ -321,9 +338,10 @@ namespace Umbraco.Web.Security.Identity
         /// <summary>
         /// Create the default umb cookie auth options
         /// </summary>
+        /// <param name="app"></param>
         /// <param name="explicitPaths"></param>
         /// <returns></returns>
-        private static UmbracoBackOfficeCookieAuthOptions CreateCookieAuthOptions(string[] explicitPaths = null)
+        public static UmbracoBackOfficeCookieAuthOptions CreateUmbracoCookieAuthOptions(this IAppBuilder app, string[] explicitPaths = null)
         {
             var authOptions = new UmbracoBackOfficeCookieAuthOptions(
                 explicitPaths,