diff --git a/__tests__/lib/auth-guard.test.ts b/__tests__/lib/auth-guard.test.ts
index b162921..552c1cb 100644
--- a/__tests__/lib/auth-guard.test.ts
+++ b/__tests__/lib/auth-guard.test.ts
@@ -8,6 +8,41 @@ vi.mock('@/lib/auth', () => ({ getSession: getSessionMock }))
 vi.mock('@/lib/auth/pairing', () => ({ isPairedSessionExpired: isPairedSessionExpiredMock }))
 vi.mock('next/navigation', () => ({ redirect: redirectMock }))
 
+describe('requireAdmin', () => {
+  beforeEach(() => {
+    getSessionMock.mockReset()
+    isPairedSessionExpiredMock.mockReset()
+    redirectMock.mockClear()
+  })
+
+  afterEach(() => {
+    vi.resetModules()
+  })
+
+  it('redirect /dashboard als userId ontbreekt', async () => {
+    getSessionMock.mockResolvedValue({ userId: undefined, isAdmin: false })
+    const { requireAdmin } = await import('@/lib/auth-guard')
+    await expect(requireAdmin()).rejects.toThrow('REDIRECT_CALLED')
+    expect(redirectMock).toHaveBeenCalledWith('/dashboard')
+  })
+
+  it('redirect /dashboard als isAdmin false is', async () => {
+    getSessionMock.mockResolvedValue({ userId: 'u1', isAdmin: false })
+    const { requireAdmin } = await import('@/lib/auth-guard')
+    await expect(requireAdmin()).rejects.toThrow('REDIRECT_CALLED')
+    expect(redirectMock).toHaveBeenCalledWith('/dashboard')
+  })
+
+  it('geeft sessie terug als isAdmin true is', async () => {
+    const sess = { userId: 'u1', isAdmin: true }
+    getSessionMock.mockResolvedValue(sess)
+    const { requireAdmin } = await import('@/lib/auth-guard')
+    const result = await requireAdmin()
+    expect(result).toBe(sess)
+    expect(redirectMock).not.toHaveBeenCalled()
+  })
+})
+
 describe('requireSession', () => {
   beforeEach(() => {
     getSessionMock.mockReset()
diff --git a/app/(app)/admin/layout.tsx b/app/(app)/admin/layout.tsx
new file mode 100644
index 0000000..0d1d279
--- /dev/null
+++ b/app/(app)/admin/layout.tsx
@@ -0,0 +1,16 @@
+import { requireAdmin } from '@/lib/auth-guard'
+import Link from 'next/link'
+
+export default async function AdminLayout({ children }: { children: React.ReactNode }) {
+  await requireAdmin()
+  return (
+    <div className="flex min-h-screen">
+      <nav className="w-48 border-r p-4 flex flex-col gap-2">
+        <Link href="/admin/users">Gebruikers</Link>
+        <Link href="/admin/jobs">Claude Jobs</Link>
+        <Link href="/admin/products">Producten</Link>
+      </nav>
+      <main className="flex-1 p-6">{children}</main>
+    </div>
+  )
+}
diff --git a/app/(app)/admin/page.tsx b/app/(app)/admin/page.tsx
new file mode 100644
index 0000000..f07ba33
--- /dev/null
+++ b/app/(app)/admin/page.tsx
@@ -0,0 +1,5 @@
+import { redirect } from 'next/navigation'
+
+export default function AdminPage() {
+  redirect('/admin/users')
+}
diff --git a/lib/auth-guard.ts b/lib/auth-guard.ts
index 8b6baf5..e82a568 100644
--- a/lib/auth-guard.ts
+++ b/lib/auth-guard.ts
@@ -22,3 +22,11 @@ export async function requireSession() {
 
   return session
 }
+
+export async function requireAdmin() {
+  const session = await getSession()
+  if (!session.userId || !session.isAdmin) {
+    redirect('/dashboard')
+  }
+  return session
+}