diff --git a/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart b/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
index 3c7d387a..c6831eee 100644
--- a/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
+++ b/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
@@ -39,10 +39,9 @@ class AuthRepositoryImpl implements AuthRepositoryInterface {
       return _getUserProfile(
         firebaseUserId: firebaseUser.uid,
         fallbackEmail: firebaseUser.email ?? email,
+        requireBusinessRole: true,
       );
-      //TO-DO: validate that user is business role and has business account
-
     } on firebase.FirebaseAuthException catch (e) {
       if (e.code == 'invalid-credential' || e.code == 'wrong-password') {
         throw Exception('Incorrect email or password.');
@@ -138,12 +137,18 @@ class AuthRepositoryImpl implements AuthRepositoryInterface {
   Future _getUserProfile({
     required String firebaseUserId,
     required String? fallbackEmail,
+    bool requireBusinessRole = false,
   }) async {
     final QueryResult response = await _dataConnect.getUserById(id: firebaseUserId).execute();
     final dc.GetUserByIdUser? user = response.data?.user;
     if (user == null) {
       throw Exception('Authenticated user profile not found in database.');
     }
+    if (requireBusinessRole && user.userRole != 'BUSINESS') {
+      await _firebaseAuth.signOut();
+      dc.ClientSessionStore.instance.clear();
+      throw Exception('User is not authorized for this app.');
+    }
     final String? email = user.email ?? fallbackEmail;
     if (email == null || email.isEmpty) {
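Review bot: The `requireBusinessRole: true` argument enforces the role only on this sign-in path, because the parameter added to `_getUserProfile` in the second hunk defaults to `false`, so any other caller of `_getUserProfile` (session restore or another sign-in flow, if such callers exist outside this diff) silently skips the check. Declaring it as `required bool requireBusinessRole,` forces every call site to state its intent, and the `'BUSINESS'` literal would be safer as a shared constant if the role values are defined elsewhere in the project. This remains a client-side gate; the backend must still restrict non-business accounts from the business app's data, since an unauthorized client can bypass this branch. In the second hunk the local session is cleared only after `await _firebaseAuth.signOut()` returns, so a failed sign-out leaves `ClientSessionStore` populated; `try { await _firebaseAuth.signOut(); } finally { dc.ClientSessionStore.instance.clear(); }` keeps the cleanup unconditional. The enclosing sign-in method starts before this hunk.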