diff --git a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
index 48e08d596a..7d4dd45fb8 100644
--- a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
+++ b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
@@ -15,6 +15,7 @@ namespace Umbraco.Cms.Core.Configuration.Models
 internal const bool StaticHideDisabledUsersInBackOffice = false;
 internal const bool StaticAllowPasswordReset = true;
 internal const string StaticAuthCookieName = "UMB_UCONTEXT";
+ internal const string StaticAllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+\\";
 ///
 /// Gets or sets a value indicating whether to keep the user logged in.
@@ -50,6 +51,12 @@ namespace Umbraco.Cms.Core.Configuration.Models
 ///
 public bool UsernameIsEmail { get; set; } = true;
+ ///
+ /// Gets or sets the set of allowed characters for a username
+ ///
+ [DefaultValue(StaticAllowedUserNameCharacters)]
+ public string AllowedUserNameCharacters { get; set; } = StaticAllowedUserNameCharacters;
+
 ///
 /// Gets or sets a value for the user password settings.
 ///
diff --git a/src/Umbraco.Web.Common/Security/ConfigureMemberIdentityOptions.cs b/src/Umbraco.Web.Common/Security/ConfigureMemberIdentityOptions.cs
index cc19670f83..db82ff2b05 100644
--- a/src/Umbraco.Web.Common/Security/ConfigureMemberIdentityOptions.cs
+++ b/src/Umbraco.Web.Common/Security/ConfigureMemberIdentityOptions.cs
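Review bot: The new `StaticAllowedUserNameCharacters` literal carries no comment explaining why it ends in a backslash; the only explanation sits in a different file, ConfigureMemberIdentityOptions. The value is ASP.NET Core Identity's default character set with `\` appended, so a one-line comment above the constant would make the widening visibly deliberate: `// Identity's default set plus '\' so DOMAIN\user (down-level logon) names pass validation.` Because `\` is now a legal username character, any code that places a username into a file path, log line or directory query should treat it as data; whether such consumers exist is not visible in this diff.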
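Review bot: The XML doc on `AllowedUserNameCharacters` does not say what an empty value means, and for this setting that matters. ASP.NET Core Identity's default `UserValidator` skips the character check entirely when the option is null or empty, so `"AllowedUserNameCharacters": ""` in configuration allows every character rather than none. I would add a remark to the doc comment, e.g. `/// <remarks>An empty value disables the character restriction; the default is Identity's set plus '\'.</remarks>`. If turning the check off from configuration is not intended, the value could be validated at startup, which would live outside this hunk.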
@@ -10,9 +10,13 @@ namespace Umbraco.Cms.Web.Common.Security
 public sealed class ConfigureMemberIdentityOptions : IConfigureOptions
 {
 private readonly MemberPasswordConfigurationSettings _memberPasswordConfiguration;
+ private readonly SecuritySettings _securitySettings;
- public ConfigureMemberIdentityOptions(IOptions memberPasswordConfiguration)
- => _memberPasswordConfiguration = memberPasswordConfiguration.Value;
+ public ConfigureMemberIdentityOptions(IOptions memberPasswordConfiguration, IOptions securitySettings)
+ {
+ _memberPasswordConfiguration = memberPasswordConfiguration.Value;
+ _securitySettings = securitySettings.Value;
+ }
 public void Configure(IdentityOptions options)
 {
@@ -22,6 +26,9 @@ namespace Umbraco.Cms.Web.Common.Security
 options.User.RequireUniqueEmail = true;
+ // Support validation of member names using Down-Level Logon Name format
+ options.User.AllowedUserNameCharacters = _securitySettings.AllowedUserNameCharacters;
+
 options.Lockout.AllowedForNewUsers = true;
 // TODO: Implement this
 options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(30);
diff --git a/src/Umbraco.Web.UI.NetCore/appsettings.json b/src/Umbraco.Web.UI.NetCore/appsettings.json
index 8fe1993bcb..a2c0e9c938 100644
--- a/src/Umbraco.Web.UI.NetCore/appsettings.json
+++ b/src/Umbraco.Web.UI.NetCore/appsettings.json
@@ -46,6 +46,7 @@
 "KeepUserLoggedIn": false,
 "UsernameIsEmail": true,
 "HideDisabledUsersInBackoffice": false,
+ "AllowedUserNameCharacters": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+\\",
 "UserPassword": {
 "RequiredLength": 10,
 "RequireNonLetterOrDigit": false,
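Review bot: The added comment in `Configure` promises Down-Level Logon Name support, but the line below it only copies whatever `SecuritySettings.AllowedUserNameCharacters` holds, so the backslash is accepted only while the configured value still contains it. A comment that describes what the line does would age better: `// Allowed characters come from SecuritySettings; the default includes '\' so DOMAIN\user member names validate.` This diff applies the setting to member identity options only; whether back-office user validation also reads it is not visible here, and the setting's doc comment could say which accounts it governs. `Configure` begins before and continues after this hunk.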