diff --git a/spiffworkflow-frontend/src/App.tsx b/spiffworkflow-frontend/src/App.tsx
index deb38410..6357a713 100644
--- a/spiffworkflow-frontend/src/App.tsx
+++ b/spiffworkflow-frontend/src/App.tsx
@@ -13,6 +13,7 @@ import AdminRoutes from './routes/AdminRoutes';
 import { ErrorForDisplay } from './interfaces';
 import { AbilityContext } from './contexts/Can';
+import UserService from './services/UserService';
 export default function App() {
 const [errorMessage, setErrorMessage] = useState(
@@ -24,6 +25,11 @@ export default function App() {
 [errorMessage]
 );
+ if (!UserService.isLoggedIn()) {
+ UserService.doLogin();
+ return null;
+ }
+
 const ability = defineAbility(() => {});
 let errorTag = null;
diff --git a/spiffworkflow-frontend/src/components/NavigationBar.tsx b/spiffworkflow-frontend/src/components/NavigationBar.tsx
index 47e0de99..eaf75aec 100644
--- a/spiffworkflow-frontend/src/components/NavigationBar.tsx
+++ b/spiffworkflow-frontend/src/components/NavigationBar.tsx
@@ -24,6 +24,7 @@ import UserService from '../services/UserService';
 import { useUriListForPermissions } from '../hooks/UriListForPermissions';
 import { PermissionsToCheck } from '../interfaces';
 import { usePermissionFetcher } from '../hooks/PermissionService';
+import { UnauthenticatedError } from '../services/HttpService';
 // for ref: https://react-bootstrap.github.io/components/navbar/
 export default function NavigationBar() {
@@ -39,6 +40,11 @@ export default function NavigationBar() {
 const [activeKey, setActiveKey] = useState('');
 const { targetUris } = useUriListForPermissions();
+
+ // App.jsx forces login (which redirects to keycloak) so we should never get here if we're not logged in.
+ if (UserService.isLoggedIn()) {
+ throw new UnauthenticatedError('You must be authenticated to do this.');
+ }
 const permissionRequestData: PermissionsToCheck = {
 [targetUris.authenticationListPath]: ['GET'],
 [targetUris.messageInstanceListPath]: ['GET'],
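Review bot: In App.tsx, the new `if (!UserService.isLoggedIn())` block calls `UserService.doLogin()` directly in the render body, so the redirect runs as a side effect of rendering and can fire again on any re-render before navigation completes. Placing the call in an effect declared above the guard, `useEffect(() => { if (!UserService.isLoggedIn()) UserService.doLogin(); }, []);`, and keeping only `return null;` in the guard would keep render pure. `isLoggedIn()` is not shown in this diff; if it only checks that a token is present in localStorage, an expired or tampered value passes this gate, so a comment such as `// UX gate only; the backend enforces authentication on every request` above the block would record where the real check lives. App's body continues outside the hunk.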
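Review bot: The guard added to NavigationBar.tsx is inverted: `if (UserService.isLoggedIn())` throws `UnauthenticatedError` for every signed-in user, while the comment directly above it says the throw is meant for the not-logged-in case. The condition should read `if (!UserService.isLoggedIn()) {`. Once that is fixed, the `if (!UserService.isLoggedIn()) { return null; }` added to `headerMenuItems` in the following hunk appears unreachable and could be dropped, and the comment's `App.jsx` should name `App.tsx`. NavigationBar's body continues outside the hunk.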
@@ -135,6 +141,9 @@ export default function NavigationBar() {
 };
 const headerMenuItems = () => {
+ if (!UserService.isLoggedIn()) {
+ return null;
+ }
 return (
 <>
diff --git a/spiffworkflow-frontend/src/services/HttpService.ts b/spiffworkflow-frontend/src/services/HttpService.ts
index 119765a7..78a29d07 100644
--- a/spiffworkflow-frontend/src/services/HttpService.ts
+++ b/spiffworkflow-frontend/src/services/HttpService.ts
@@ -26,7 +26,7 @@ type backendCallProps = {
 postBody?: any;
 };
-class UnauthenticatedError extends Error {
+export class UnauthenticatedError extends Error {
 constructor(message: string) {
 super(message);
 this.name = 'UnauthenticatedError';
diff --git a/spiffworkflow-frontend/src/services/UserService.ts b/spiffworkflow-frontend/src/services/UserService.ts
index 84e84d6f..df0f213e 100644
--- a/spiffworkflow-frontend/src/services/UserService.ts
+++ b/spiffworkflow-frontend/src/services/UserService.ts
@@ -27,8 +27,8 @@ const doLogout = () => {
 const idToken = getIdToken();
 localStorage.removeItem('jwtAccessToken');
 localStorage.removeItem('jwtIdToken');
- const redirctUrl = `${window.location.origin}/`;
- const url = `${BACKEND_BASE_URL}/logout?redirect_url=${redirctUrl}&id_token=${idToken}`;
+ const redirectUrl = `${window.location.origin}`;
+ const url = `${BACKEND_BASE_URL}/logout?redirect_url=${redirectUrl}&id_token=${idToken}`;
 window.location.href = url;
 };
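Review bot: In `doLogout` (UserService.ts), the logout URL is still built by raw interpolation, so `redirectUrl` and `idToken` reach the query string unencoded and the request only parses correctly while neither value contains a reserved character. Encoding both removes that dependency: `redirect_url=${encodeURIComponent(redirectUrl)}&id_token=${encodeURIComponent(idToken)}`. `getIdToken()` is defined outside this hunk; if it can return null, the literal text `null` is sent as the token, so a guard before building the URL is worth adding. Dropping the trailing slash changes the redirect value itself, which matters if the backend or identity provider compares it exactly against a registered post-logout URI. The ID token also ends up in browser history and access logs as a query parameter, which deserves a comment on that line.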