diff --git a/docs/privacyidea.md b/docs/privacyidea.md
index 6be53d7e389890ced92b4d57b39a42257fb6a9b0..af33494c8569812f04d22ddf87ee47d5c39e79f2 100644
--- a/docs/privacyidea.md
+++ b/docs/privacyidea.md
@@ -126,6 +126,14 @@ You need to add the authentication source 'privacyidea' to
         'serial' => 'otpSerial',
         'otplen' => 'otpLength'
     ],
+
+    /*
+     * Override (string) or reformat (callable) messages from privacyIDEA.
+     * When using callable, HTML is not escaped.
+     * Optional.
+     */
+    //'messageOverride' => 'Use any of your tokens.',
+    //'messageOverride' => function($messages){return htmlspecialchars(current(explode(',', $messages)));},
 ],
 ```
 
@@ -315,6 +323,14 @@ If you want to use privacyIDEA as an auth process filter, add the configuration
          * Optional, default to true.
          */
         'showLogout' => false,
+
+        /**
+         * Override (string) or reformat (callable) messages from privacyIDEA.
+         * When using callable, HTML is not escaped.
+         * Optional.
+         */
+        //'messageOverride' => 'Use any of your tokens.',
+        //'messageOverride' => function($messages){return htmlspecialchars(current(explode(',', $messages)));},
     ],
 ]
 ```
diff --git a/lib/Auth/Process/PrivacyideaAuthProc.php b/lib/Auth/Process/PrivacyideaAuthProc.php
index eb3f49220a7beee9f94b2f120b2a774962461457..861e6906144ff6d851ca6a61de70b4023b964ec1 100644
--- a/lib/Auth/Process/PrivacyideaAuthProc.php
+++ b/lib/Auth/Process/PrivacyideaAuthProc.php
@@ -56,6 +56,7 @@ class PrivacyideaAuthProc extends ProcessingFilter
         $state['privacyidea:privacyidea'] = $this->authProcConfig;
         $state['privacyidea:privacyidea']['authenticationMethod'] = 'authprocess';
         $state['privacyidea:privacyidea:ui']['showLogout'] = $this->authProcConfig['showLogout'] ?? true;
+        $state['privacyidea:privacyidea:ui']['messageOverride'] = $this->authProcConfig['messageOverride'] ?? null;
 
         // If set in config, allow to check the IP of the client and to control the 2FA depending on the client IP.
         // It can be used to configure that a user does not need to provide a second factor when logging in from the local network.
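Review bot: The added `messageOverride` line copies a value that may be a closure into `$state`, and PHP cannot serialize `Closure` instances; the documented example for this option is a closure. In PrivacyideaAuthSource.php the identical assignment is followed directly by `State::saveState($state, 'privacyidea:privacyidea')`, so if the state store serializes its payload (as I believe SimpleSAMLphp does), the closure form would fail when the state is saved rather than when the form is rendered. The rest of this filter's method, including any save call, lies outside the hunk, so this needs confirming here too. Consider keeping only the string form in state, for example `$state['privacyidea:privacyidea:ui']['messageOverride'] = is_string($override) ? $override : null;` with `$override` read from the config, and resolving a callable from the module configuration at render time. A test that runs both the auth source and the auth process filter with a closure configured would settle it.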
diff --git a/lib/Auth/Source/PrivacyideaAuthSource.php b/lib/Auth/Source/PrivacyideaAuthSource.php
index a5e01f0e5d9f1700147d5a34458575fa1aabcc21..70198eeffb9ba4d9ad2a34da940f2c1464c4e035 100644
--- a/lib/Auth/Source/PrivacyideaAuthSource.php
+++ b/lib/Auth/Source/PrivacyideaAuthSource.php
@@ -103,6 +103,7 @@ class PrivacyideaAuthSource extends UserPassBase
         $state['privacyidea:privacyidea:ui']['otpFieldHint'] = $this->authSourceConfig['otpFieldHint'] ?? '';
         $state['privacyidea:privacyidea:ui']['passFieldHint'] = $this->authSourceConfig['passFieldHint'] ?? '';
         $state['privacyidea:privacyidea:ui']['loadCounter'] = '1';
+        $state['privacyidea:privacyidea:ui']['messageOverride'] = $this->authSourceConfig['messageOverride'] ?? null;
 
         $stateId = State::saveState($state, 'privacyidea:privacyidea');
 
diff --git a/templates/LoginForm.php b/templates/LoginForm.php
index 93bb007a9e41c1b167aba142cecc8519f97e61ce..81dd63ef29200fa83776b3d26332172163fe1e22 100644
--- a/templates/LoginForm.php
+++ b/templates/LoginForm.php
@@ -137,7 +137,17 @@ if (null !== $this->data['errorCode']) {
                                 <input id="password" name="password" tabindex="1" type="password" value="" class="text"
                                        placeholder="<?php echo htmlspecialchars($passHint, ENT_QUOTES); ?>"/>
 
-                                <strong id="message"><?php echo htmlspecialchars($this->data['message'] ?? '', ENT_QUOTES); ?></strong>
+                                <strong id="message"><?php
+                                    $messageOverride = $this->data['messageOverride'] ?? null;
+                                    if (null === $messageOverride || is_string($messageOverride)) {
+                                        echo htmlspecialchars(
+                                            $messageOverride ?? $this->data['message'] ?? '',
+                                            ENT_QUOTES
+                                        );
+                                    } elseif (is_callable($messageOverride)) {
+                                        echo call_user_func($messageOverride, $this->data['message'] ?? '');
+                                    }
+                                ?></strong>
                                 <br><br>
                                 <label for="otp" class="sr-only">
                                     <?php echo $this->t('{privacyidea:privacyidea:otp}'); ?>
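Review bot: The `elseif (is_callable($messageOverride))` branch echoes the callable's return value into `<strong id="message">` unescaped, and the callable receives the raw `$this->data['message']`, which presumably originates from the privacyIDEA response. Any configured callable that omits `htmlspecialchars` therefore turns server-supplied text into markup on the login form. Passing already-escaped text keeps the reformatting feature while making the safe path the default: `echo call_user_func($messageOverride, htmlspecialchars($this->data['message'] ?? '', ENT_QUOTES));` (the documented example would then drop its own `htmlspecialchars` call). The chain also has no final `else`, so a value that is neither null, a string nor callable prints nothing; falling back to the escaped `$this->data['message']` there would avoid silently hiding the prompt.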