diff --git a/nummi/main/templates/main/index.html b/nummi/main/templates/main/index.html
index 63a50c3..2f9ae84 100644
--- a/nummi/main/templates/main/index.html
+++ b/nummi/main/templates/main/index.html
@@ -3,6 +3,7 @@
 {% block body %}
 <h1>Nummi</h1>
 
+<a href="{% url 'logout' %}">Logout</a>
 <a href="{% url 'transaction' %}">Add transaction</a>
 
 {% if transactions %}
diff --git a/nummi/main/templates/main/login.html b/nummi/main/templates/main/login.html
new file mode 100644
index 0000000..edd607d
--- /dev/null
+++ b/nummi/main/templates/main/login.html
@@ -0,0 +1,14 @@
+{% extends "main/base.html" %}
+
+{% block body %}
+
+<h1>Login</h1>
+
+<form action="{% url 'login' %}" method="post">
+	{% csrf_token %}
+	{{ form.as_p }}
+	<input hidden value="{{ next }}" name="next" />
+	<input type="submit" />
+</form>
+
+{% endblock %}
diff --git a/nummi/main/urls.py b/nummi/main/urls.py
index 1c114be..194ddb6 100644
--- a/nummi/main/urls.py
+++ b/nummi/main/urls.py
@@ -4,6 +4,8 @@ from . import views
 
 urlpatterns = [
     path("", views.index, name="index"),
+    path("login", views.LoginView.as_view(), name="login"),
+    path("logout", views.LogoutView.as_view(), name="logout"),
     path("transaction", views.transaction, name="transaction"),
     path("transaction/<uuid>", views.transaction, name="transaction"),
     path(
diff --git a/nummi/main/views.py b/nummi/main/views.py
index f7929f9..06bd679 100644
--- a/nummi/main/views.py
+++ b/nummi/main/views.py
@@ -1,9 +1,12 @@
 from django.shortcuts import render, get_object_or_404, redirect
 from django.http import HttpResponse
+from django.contrib.auth.decorators import login_required
+from django.contrib.auth import views as auth_views
 
 from .models import Transaction, TransactionForm, Invoice, InvoiceForm, Category
 
 
+@login_required
 def index(request):
     _transactions = Transaction.objects.order_by("-date")[:5]
     _categories = Category.objects.order_by("name")
@@ -15,6 +18,15 @@ def index(request):
     return render(request, "main/index.html", context)
 
 
+class LoginView(auth_views.LoginView):
+    template_name = "main/login.html"
+    next_page = "index"
+
+class LogoutView(auth_views.LogoutView):
+    next_page = "login"
+
+
+@login_required
 def transaction(request, uuid=None):
     if uuid is None:
         _transaction = Transaction()
@@ -34,6 +46,7 @@ def transaction(request, uuid=None):
     )
 
 
+@login_required
 def update_transaction(request, uuid):
     try:
         _transaction = Transaction.objects.get(id=uuid)
@@ -44,12 +57,14 @@ def update_transaction(request, uuid):
     return redirect(transaction, uuid=uuid)
 
 
+@login_required
 def invoice(request, uuid):
     _invoice = get_object_or_404(Invoice, id=uuid)
     with _invoice.file.open() as _file:
         return HttpResponse(_file.read(), content_type="application/pdf")
 
 
+@login_required
 def add_invoice(request, uuid):
     _transaction = get_object_or_404(Transaction, id=uuid)
     _invoice = Invoice(transaction=_transaction)
@@ -58,6 +73,7 @@ def add_invoice(request, uuid):
     return redirect(transaction, uuid=uuid)
 
 
+@login_required
 def del_invoice(request, uuid, invoice_id):
     _invoice = get_object_or_404(Invoice, id=invoice_id)
     _invoice.delete()
diff --git a/nummi/nummi/settings.py b/nummi/nummi/settings.py
index 512de1f..5d8c261 100644
--- a/nummi/nummi/settings.py
+++ b/nummi/nummi/settings.py
@@ -119,6 +119,7 @@ USE_TZ = True
 # https://docs.djangoproject.com/en/4.0/howto/static-files/
 
 STATIC_URL = "static/"
+LOGIN_URL = "login"
 
 # Default primary key field type
 # https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field