diff --git a/internal/auth/oauth2.go b/internal/auth/oauth2.go
index 870b2dee6acb81fd25308d0aac196b7f88b825cf..e66f3656a84c9970cd4983dfecfe0196f8c8e958 100644
--- a/internal/auth/oauth2.go
+++ b/internal/auth/oauth2.go
@@ -121,10 +121,22 @@ func (m Manager) HandleOAuth2Callback() http.Handler {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
+
 		// Trim the user roles in case they come from LDAP
 		for key, role := range user.Roles {
 			user.Roles[key] = strings.TrimPrefix(strings.Split(role, ",")[0], "CN=")
 		}
+
+		// Check if user has the correct role
+		err = checkUserHasRole(TokenData{User: user}, []string{AdminRole})
+
+		if err != nil {
+			// Log the connexion attempt
+			log.Printf("| %v (%v %v) | Login failed (Unauthorized user) | %v", user.Login, user.Name, user.Surname, req.RemoteAddr)
+			http.Redirect(w, r, "/", http.StatusFound)
+			return
+		}
+
 		// Store the user in cookie
 		// Generate
 		xsrfToken, err := common.GenerateRandomString(16)
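Review bot: The new failure log writes `user.Login`, `user.Name` and `user.Surname` with `%v`, and since these values come from the identity provider, one containing a line break could split or forge entries in this pipe-delimited log; `%q` keeps each field quoted on a single line. The same call reads `req.RemoteAddr` while the redirect below it uses `r`; `req` is declared outside the hunk, so if it is not the inbound request the logged address is not the client's, and behind a reverse proxy `RemoteAddr` is the proxy's address either way. I would write `log.Printf("| %q (%q %q) | Login failed (Unauthorized user) | %v", user.Login, user.Name, user.Surname, r.RemoteAddr)`. Separately, the role check now depends on the trimming loop above it, which keeps only the first DN component and strips a case-sensitive `CN=`, so the decision appears to rest on the group's common name alone; it is worth confirming that a same-named group elsewhere in the directory, or a lower-case `cn=` value, cannot change the outcome against `AdminRole`. The handler body starts and ends outside this hunk.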