diff --git a/README.md b/README.md
index 9887b68ea37d69aed3c50f0438c27b08634e010c..5c80b227ee2f7f9bd41d981a2317072cab4385db 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ SP_SSL = False
 
 SP_FORCE_ENTITY_ID = "dev-id-{0}-{1}".format(socket.gethostname(), os.path.dirname(os.path.dirname(__file__)))  # too many localhosts around
 
-LOGIN_URL = urls.reverse_lazy("sso-dev")
+LOGIN_URL = urls.reverse_lazy("sso-dev")  # it's "sso-login" for prod
 ```
 
 
diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 16cd1f61fdb9321c4811dc2e6cc0dd4684cfdb7a..f8f20e5118d9c25720ec12525c9c4107494ec990 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -55,6 +55,8 @@ SU_PERM_NAME = "superuser"
 STAFF_GROUP_NAME = "{0}_staff".format(PROJECT_NAME)
 STAFF_PERM_NAME = "staff"
 
+PRETEND_AUTH_BACKEND = django_settings.AUTHENTICATION_BACKENDS[0]  # pretend to be this backend; django does not expect that it is possible to log in without an authentication backend
+
 
 """
 Not really settings...
@@ -88,4 +90,3 @@ SP_ORGANIZATION = {
     },
 }
 
-DEFAULT_AUTH_BACKEND = django_settings.AUTHENTICATION_BACKENDS[0]
diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 06c7f37326fc084e8702d8f44756edb0b242407a..6da861cc4a834220ffdb68c8318360f64aa01a76 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -88,6 +88,16 @@ def sp_host_is_not_localhost(app_configs, **kwargs):
     return errors
 
 
+@register(Tags.compatibility)
+def pretend_backend(app_configs, **kwargs):
+    errors = list()
+    pretend_expected = "django.contrib.auth.backends.ModelBackend"
+    if app_settings.PRETEND_AUTH_BACKEND != pretend_expected:
+        errors.append(Warning("Please make sure the first element of AUTHENTICATION_BACKENDS is django.contrib.auth.backends.ModelBackend; "
+                              "if you are not using this backend you need to ensure the first backend in the list knows how to get user by id/natural key"))
+    return errors
+
+
 @register(Tags.urls)
 def auth_urls_configured(app_configs, **kwargs):
     errors = list()
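Review bot: The `Warning` appended in the new `pretend_backend` check has no `id`, so a project that deliberately puts another backend first (which the message itself permits) cannot acknowledge it through `SILENCED_SYSTEM_CHECKS` and is left with a permanent warning on an authentication-related check. Give it a stable id, e.g. `Warning("...", id="ssoauth.W<NNN>")`, where `<NNN>` is a placeholder for whatever numbering the project uses. The exact string comparison with `pretend_expected` also flags subclasses of `ModelBackend`, which presumably meet the same requirement, so either the message or the comparison could account for them. A docstring would make the reason visible at the check: `"""Warn when the backend recorded on SSO logins is not ModelBackend; Django reloads the session user through that backend's get_user()."""`.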
diff --git a/ssoauth/views.py b/ssoauth/views.py
index 31b7f82904070f96c0e8b7e4673d5efa375adf81..3fd73c75fe4d6ce6f344e4b1e6462b5fab0d7ecc 100644
--- a/ssoauth/views.py
+++ b/ssoauth/views.py
@@ -177,7 +177,7 @@ class ACSAuthNView(SAMLMixin, View):
         )
         auth_utils.cleanup_direct_permissions(user=user)
         auth_utils.set_user_compat_flags(user=user)
-        user.backend = app_settings.DEFAULT_AUTH_BACKEND
+        user.backend = app_settings.PRETEND_AUTH_BACKEND
         request.user = user
         contrib_auth.login(request, user)
         logger.debug("Logged in {user}".format(**locals()))
@@ -297,7 +297,7 @@ class DevView(FormView):
             except exceptions.ObjectDoesNotExist:
                 import uuid
                 user = auth_utils.get_or_create_user(username=log_in_as_username, uuid=uuid.uuid4())
-            user.backend = app_settings.DEFAULT_AUTH_BACKEND
+            user.backend = app_settings.PRETEND_AUTH_BACKEND
             self.request.user = user
             contrib_auth.login(request=self.request, user=user)
         elif toggle_group: