diff --git a/shell/router/getAppRoutes.ts b/shell/router/getAppRoutes.ts
index 519d3058..d2e107ff 100644
--- a/shell/router/getAppRoutes.ts
+++ b/shell/router/getAppRoutes.ts
@@ -1,18 +1,50 @@
-import { RouteObject } from 'react-router';
+import React from 'react';
 
-import { getSiteConfig } from '../../runtime';
-import { App } from '../../types';
+import { getSiteConfig, AuthenticatedPageRoute } from '../../runtime';
+import { App, RoleRouteObject } from '../../types';
+
+interface AuthComponentProps {
+  redirectUrl?: string | null,
+  requireAuthenticatedUser?: boolean,
+  children?: React.ReactNode,
+}
+
+function wrapRouteWithAuth(route: RoleRouteObject): RoleRouteObject {
+  const routeWithAuth = route as RoleRouteObject & {
+    requireAuthenticatedUser?: boolean,
+    redirectUrl?: string,
+  };
+  if (routeWithAuth.requireAuthenticatedUser && route.Component) {
+    const OriginalComponent = route.Component;
+    return {
+      ...route,
+      Component: (props) =>
+        React.createElement(
+          AuthenticatedPageRoute as React.ComponentType<AuthComponentProps>,
+          {
+            redirectUrl: routeWithAuth.redirectUrl ?? null,
+          },
+          React.createElement(OriginalComponent, props)
+        ),
+    };
+  }
+
+  return route;
+}
 
 export default function getAppRoutes() {
   const { apps } = getSiteConfig();
 
-  let routes: RouteObject[] = [];
+  let routes: RoleRouteObject[] = [];
 
   if (apps) {
     apps.forEach(
       (app: App) => {
         if (Array.isArray(app.routes)) {
-          routes = routes.concat(app.routes);
+          const wrappedRoutes = app.routes.map((route: RoleRouteObject) =>
+            wrapRouteWithAuth(route)
+          );
+          routes = routes.concat(wrappedRoutes);
         }
       }
     );