diff --git a/src/lib/tenants/tenant-select/tenant-select.component.html b/src/lib/tenants/tenant-select/tenant-select.component.html
index 2916df5..6a7c697 100644
--- a/src/lib/tenants/tenant-select/tenant-select.component.html
+++ b/src/lib/tenants/tenant-select/tenant-select.component.html
@@ -8,8 +8,8 @@
 
     <iqser-spacer [height]="100"></iqser-spacer>
 
-    <ng-container *ngIf="isLoggedOut">
-        <div class="heading-xl" translate="tenant-resolve.header.youre-logged-out"></div>
+    <ng-container *ngIf="isLoggedOut || noRoleLogOut">
+        <div class="heading-xl" [translate]="isLoggedOut ? translations.IS_LOGGED_OUT : translations.NO_ROLE_LOG_OUT"></div>
         <iqser-spacer [height]="75"></iqser-spacer>
     </ng-container>
 
diff --git a/src/lib/tenants/tenant-select/tenant-select.component.ts b/src/lib/tenants/tenant-select/tenant-select.component.ts
index 4dddadf..6344a6e 100644
--- a/src/lib/tenants/tenant-select/tenant-select.component.ts
+++ b/src/lib/tenants/tenant-select/tenant-select.component.ts
@@ -9,6 +9,7 @@ import { getKeycloakOptions } from '../keycloak-initializer';
 import { IStoredTenantId, TenantsService } from '../services';
 import { KeycloakStatusService } from '../services/keycloak-status.service';
 import { UI_ROOT } from '../../utils';
+import { selectTenantTranslations } from '../../translations/select-tenant-translations';
 
 @Component({
     templateUrl: './tenant-select.component.html',
@@ -17,6 +18,7 @@ import { UI_ROOT } from '../../utils';
 })
 export class TenantSelectComponent {
     @Input() isLoggedOut = false;
+    @Input() noRoleLogOut = false;
     protected readonly logger = inject(NGXLogger);
     protected readonly tenantsService = inject(TenantsService);
     protected storedTenants: IStoredTenantId[] = [];
@@ -29,6 +31,7 @@ export class TenantSelectComponent {
         // eslint-disable-next-line @typescript-eslint/unbound-method
         tenantId: ['', Validators.required],
     });
+    protected readonly translations = selectTenantTranslations;
     readonly #uiRoot = inject(UI_ROOT);
 
     constructor() {
diff --git a/src/lib/translations/select-tenant-translations.ts b/src/lib/translations/select-tenant-translations.ts
new file mode 100644
index 0000000..506b305
--- /dev/null
+++ b/src/lib/translations/select-tenant-translations.ts
@@ -0,0 +1,6 @@
+import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
+
+export const selectTenantTranslations: { [key in string]: string } = {
+    IS_LOGGED_OUT: _('tenant-resolve.header.youre-logged-out'),
+    NO_ROLE_LOG_OUT: _('tenant-resolve.header.no-role-log-out'),
+} as const;
diff --git a/src/lib/users/guards/roles.guard.ts b/src/lib/users/guards/roles.guard.ts
index 68ca869..fcfda12 100644
--- a/src/lib/users/guards/roles.guard.ts
+++ b/src/lib/users/guards/roles.guard.ts
@@ -17,11 +17,11 @@ export function doesNotHaveAnyRole(): AsyncGuard {
 
 export function hasAnyRole(): AsyncGuard {
     return async () => {
-        const router = inject(Router);
-        const user = await inject(IqserUserService).loadCurrentUser();
+        const userService = inject(IqserUserService);
+        const user = await userService.loadCurrentUser();
 
         if (!user?.hasAnyRole) {
-            await router.navigate(['auth-error']);
+            await userService.logout(true);
             return false;
         }
         return true;
diff --git a/src/lib/users/services/iqser-user.service.ts b/src/lib/users/services/iqser-user.service.ts
index 2e598fc..730ffce 100644
--- a/src/lib/users/services/iqser-user.service.ts
+++ b/src/lib/users/services/iqser-user.service.ts
@@ -58,11 +58,12 @@ export abstract class IqserUserService<
         await firstValueFrom(this.loadAll());
     }
 
-    async logout() {
+    async logout(noRoleLogOut = false) {
         try {
             await this._keycloakService.loadUserProfile(true);
             await this._cacheApiService.wipeCaches();
-            const redirectUri = window.location.origin + this.#uiRoot + '/?isLoggedOut=true';
+            const logoutParam = noRoleLogOut ? 'noRoleLogOut' : 'isLoggedOut';
+            const redirectUri = window.location.origin + this.#uiRoot + `/?${logoutParam}=true`;
             await this._keycloakService.logout(redirectUri);
         } catch (e) {
             console.log('Logout failed: ', e);