diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
index 31cb1d0e3a2..adb628c97a8 100644
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@@ -215,11 +215,13 @@ class AuthComponent extends Component {
 public $authError = null;
 /**
- * Controls handling of unauthorized access. By default unauthorized user is
- * redirected to the referrer url or AuthComponent::$loginRedirect or '/'.
- * If set to false a ForbiddenException exception is thrown instead of redirecting.
+ * Controls handling of unauthorized access.
+ * - For default value `true` unauthorized user is redirected to the referrer url
+ * or AuthComponent::$loginRedirect or '/'.
+ * - If set to a string or array the value is used as an url to redirect to.
+ * - If set to false a ForbiddenException exception is thrown instead of redirecting.
 *
- * @var boolean
+ * @var mixed
 */
 public $unauthorizedRedirect = true;
@@ -345,16 +347,21 @@ public function startup(Controller $controller) {
 * @throws ForbiddenException
 */
 protected function _unauthorized(Controller $controller) {
- if (!$this->unauthorizedRedirect) {
+ if ($this->unauthorizedRedirect === false) {
 throw new ForbiddenException($this->authError);
 }
 $this->flash($this->authError);
- $default = '/';
- if (!empty($this->loginRedirect)) {
- $default = $this->loginRedirect;
+ if ($this->unauthorizedRedirect === true) {
+ $default = '/';
+ if (!empty($this->loginRedirect)) {
+ $default = $this->loginRedirect;
+ }
+ $url = $controller->referer($default, true);
+ } else {
+ $url = $this->unauthorizedRedirect;
 }
- $controller->redirect($controller->referer($default, true), null, true);
+ $controller->redirect($url, null, true);
 return false;
 }
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
index 8153bfe6c46..cc00adade36 100644
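Review bot: `@var mixed` on `$unauthorizedRedirect` hides the types the new description lists; `@var boolean|string|array` would match the three documented cases. The text also leaves out that the configured url is used as given, whereas the default path in `_unauthorized()` asks for a local referer through `referer($default, true)`. A line such as ` * The string or array value is passed to redirect() unchanged, so it must not be built from request data.` would record that for anyone setting the property.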
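Review bot: Replacing `!$this->unauthorizedRedirect` with `=== false` in `_unauthorized()` changes the outcome for `null`, `0`, `''` and an empty array. These values used to throw ForbiddenException and now reach the `else` branch, where they are handed to `redirect()` as the target. An application that switched the redirect off with one of them loses its 403 without any notice; what `redirect()` does with such a value is not visible in this hunk. Keeping the first check as `if (!$this->unauthorizedRedirect) {` preserves the old denial path, and the new `=== true` test still separates the referer fallback from a configured url.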
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -907,6 +907,37 @@ public function testDefaultToLoginRedirect() {
 $this->Auth->startup($Controller);
 }
+/**
+ * testRedirectToUnauthorizedRedirect
+ *
+ * @return void
+ */
+ public function testRedirectToUnauthorizedRedirect() {
+ $url = '/party/on';
+ $this->Auth->request = $CakeRequest = new CakeRequest($url);
+ $this->Auth->request->addParams(Router::parse($url));
+ $this->Auth->authorize = array('Controller');
+ $this->Auth->login(array('username' => 'admad', 'password' => 'cake'));
+ $this->Auth->unauthorizedRedirect = array(
+ 'controller' => 'no_can_do', 'action' => 'jack'
+ );
+
+ $CakeResponse = new CakeResponse();
+ $Controller = $this->getMock(
+ 'Controller',
+ array('on', 'redirect'),
+ array($CakeRequest, $CakeResponse)
+ );
+
+ $expected = array(
+ 'controller' => 'no_can_do', 'action' => 'jack'
+ );
+ $Controller->expects($this->once())
+ ->method('redirect')
+ ->with($this->equalTo($expected));
+ $this->Auth->startup($Controller);
+ }
+
 /**
 * Throw ForbiddenException if AuthComponent::$unauthorizedRedirect set to false
 * @expectedException ForbiddenException
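Review bot: The expectation `->with($this->equalTo($expected))` in testRedirectToUnauthorizedRedirect pins only the first argument of `redirect()`. The test would still pass if the third argument, which `_unauthorized()` passes as `true` and which presumably halts the request, were dropped. Extending it to `->with($this->equalTo($expected), $this->equalTo(null), $this->equalTo(true))` covers that. Only the array form is exercised, so the string form the docblock now documents has no test; a second case setting a constructed value such as `$this->Auth->unauthorizedRedirect = '/no_can_do';` would close the gap.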