diff --git a/modules/statistics/config-templates/module_statistics.php b/modules/statistics/config-templates/module_statistics.php
index 0f19120f73db23b7aa7a190683f2fd7ce08c5523..f5432703709ba0e70950524a65f527b5f25bb4bc 100644
--- a/modules/statistics/config-templates/module_statistics.php
+++ b/modules/statistics/config-templates/module_statistics.php
@@ -5,6 +5,18 @@
 
 $config = array (
 
+	// Access control on statistics page.
+	'protected' => FALSE,
+	
+	/*
+	 * Which authenticatino source should be used for authentication exception from admin module.
+	 * Set to NULL if only using admin auth.
+	 */
+	//'auth' => 'feide',
+	
+	'useridattr' => 'eduPersonPrincipalName',
+	'allowedUsers' => array('andreas@uninett.no', 'ola.normann@sp.example.org'),
+
 	'statdir' => '/tmp/stats/',
 	'inputfile' => '/var/log/simplesamlphp.stat',
 	'offset' => 60*60*2 + 60*60*24*3, // Two hours offset to match epoch and norwegian winter time.
diff --git a/modules/statistics/www/showstats.php b/modules/statistics/www/showstats.php
index 53fc2c7ffd2c7a7dcd5badf0192398a139006349..2f89002677e118da519bf60c9b7fe0fff89c6f2f 100644
--- a/modules/statistics/www/showstats.php
+++ b/modules/statistics/www/showstats.php
@@ -2,6 +2,53 @@
 
 $config = SimpleSAML_Configuration::getInstance();
 $statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php');
+$session = SimpleSAML_Session::getInstance();
+
+
+$protected = $statconfig->getBoolean('protected', FALSE);
+$authsource = $statconfig->getString('auth', NULL);
+$allowedusers = $statconfig->getValue('allowedUsers', NULL);
+$useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
+
+if ($protected) {
+
+	if ($session->isValid('login-admin') ) {
+		// User logged in as admin. OK.
+		SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
+		
+	} elseif(isset($authsource) && $session->isValid($authsource) ) {
+	
+		// User logged in with auth source.
+		SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
+		
+		// Retrieving attributes
+		$attributes = $session->getAttributes();
+		
+		// Check if userid exists
+		if (!isset($attributes[$useridattr])) 
+			throw new Exception('User ID is missing');
+		
+		// Check if userid is allowed access..
+		if (!in_array($attributes[$useridattr][0], $allowedusers)) {
+			SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
+			throw new Exception('Access denied for this user.');
+		}
+		SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');		
+		
+	} elseif(isset($authsource)) {
+		// If user is not logged in init login with authrouce if authsousrce is defined.
+		SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
+		
+	} else {
+		// If authsource is not defined, init admin login.
+		SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
+			array('RelayState' => SimpleSAML_Utilities::selfURL())
+		);
+	}
+}
+
+
+
 
 $statdir = $statconfig->getValue('statdir');
 $inputfile = $statconfig->getValue('inputfile');