diff --git a/app/sso/views.py b/app/sso/views.py
index 309dfaa..31c3a0d 100644
--- a/app/sso/views.py
+++ b/app/sso/views.py
@@ -155,6 +155,9 @@ def service_reset(request, serviceid=0):
 def user_view(request, username=None):
 """ View a user's profile as a admin """
+ if not request.user.is_staff:
+ return redirect('sso.views.profile')
+
 if username:
 try:
 user = User.objects.get(username=username)
@@ -181,6 +184,9 @@ def user_lookup(request):
 form = UserLookupForm()
+ if not request.user.is_staff:
+ return redirect('sso.views.profile')
+
 if request.method == 'POST':
 form = UserLookupForm(request.POST)
 if form.is_valid():
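Review bot: The staff check is pasted into the body of user_view and again into user_lookup in the next hunk, so the authorization rule lives in two places and any admin view added later is unprotected unless someone remembers to copy it. A single decorator applied above each admin-only view keeps the rule in one place and makes a missing guard visible at the `def` line; the sketch below needs `functools.wraps` imported in the module. Whether other views in this file need the same guard cannot be told from the hunk, and user_view's body continues past its last line.

```python
def staff_required(view):
    """Redirect non-staff users to their own profile before the view runs."""
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        if not request.user.is_staff:
            return redirect('sso.views.profile')
        return view(request, *args, **kwargs)
    return wrapper


@staff_required
def user_view(request, username=None):
    # … unchanged: docstring and user lookup, without the inline is_staff check …
```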
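Review bot: In user_lookup the is_staff guard runs after `form = UserLookupForm()`, and nothing in the visible lines records the rejected request, so a non-staff account requesting this view (or user_view above) is redirected without leaving an application-level trace. Moving the guard to the first statement of the function gives a deny-first order. A line such as `logger.warning("non-staff access to user_lookup denied: %s", request.user)` before the `return` would give monitoring something to alert on; this assumes the module has or gains a `logger`. The function starts before and continues after the hunk.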