diff --git a/barkeep_server.rb b/barkeep_server.rb
index a26a20a3..62a2a1c0 100644
--- a/barkeep_server.rb
+++ b/barkeep_server.rb
@@ -39,7 +39,12 @@ NODE_MODULES_BIN_PATH = "./node_modules/.bin"
 OPENID_AX_EMAIL_SCHEMA = "http://axschema.org/contact/email"
-LOGIN_WHITELIST_ROUTES = ["/signin", "/signout", "/commits/", "/stats", "/inspire", "/statusz", "/api/"]
+UNAUTHENTICATED_ROUTES = ["/signin", "/signout", "/inspire", "/statusz", "/api/"]
+# NOTE(philc): Currently we let you see previews of individual commits and the code review stats without
+# being logged in, as a friendly UX. When we flesh out our auth model, we should intentionally make this
+# configurable.
+UNAUTHENTICATED_PREVIEW_ROUTES = ["/commits/", "/stats"]
+
 # OPENID_PROVIDERS is a string env variable. It's a comma-separated list of OpenID providers.
 OPENID_PROVIDERS_ARRAY = OPENID_PROVIDERS.split(",")
@@ -176,7 +181,9 @@ def ensure_required_params(*required_params)
 else
 SavedSearch.raise_on_save_failure = true
 end
-next if LOGIN_WHITELIST_ROUTES.any? { |route| request.path =~ /^#{route}/ }
+next if UNAUTHENTICATED_ROUTES.any? { |route| request.path =~ /^#{route}/ }
+next if PERMITTED_USERS.empty? &&
+UNAUTHENTICATED_PREVIEW_ROUTES.any? { |route| request.path =~ /^#{route}/ }
 unless current_user
 # TODO(philc): Revisit this UX. Dumping the user into Google with no explanation is not what we want.
@@ -225,6 +232,9 @@ def ensure_required_params(*required_params)
 when OpenID::Consumer::SUCCESS
 ax_resp = OpenID::AX::FetchResponse.from_success_response(openid_response)
 email = ax_resp["http://axschema.org/contact/email"][0]
+unless PERMITTED_USERS.split(",").map(&:strip).include?(email)
+halt 401, "Your email #{email} is not authorized to login to Barkeep."
+end
 session[:email] = email
 unless User.find(:email => email)
 # If there are no admin users yet, make the first user to log in the first admin.
diff --git a/environment.rb b/environment.rb
index a83697e8..131a69c9 100644
--- a/environment.rb
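Review bot: The NOTE above `UNAUTHENTICATED_PREVIEW_ROUTES` omits the condition the same commit attaches to it in the request filter: these previews are served without login only while `PERMITTED_USERS` is empty, and require a logged-in permitted user once a whitelist is configured. The comment should state that, e.g. `# Served without login only while PERMITTED_USERS is empty; with a whitelist configured they require a permitted, logged-in user.`, so nobody later reads the list as unconditionally public. Both route lists are mutable constants that the filter treats as authoritative; freezing them (`[...].freeze`) is cheap insurance against accidental mutation at runtime. The hunk is a run of top-level constants, so nothing here is cut off.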
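Review bot: Both new `next if` lines keep the old `request.path =~ /^#{route}/` test, which anchors with `^` (start of any line in Ruby, not start of string) and interpolates the route into a regex unescaped; if the Rack server lets a newline through in `request.path`, a path whose second line begins with `/signin` matches and skips the login check (whether that is reachable depends on the server, so treat it as defence in depth). The intended test is a plain prefix match, which `String#start_with?` expresses without a regex: `next if UNAUTHENTICATED_ROUTES.any? { |route| request.path.start_with?(route) }` and likewise for `UNAUTHENTICATED_PREVIEW_ROUTES`. Note this remains a prefix match, so `/stats` and `/statusz` also open `/statsanything`-style paths; if that is intended it deserves a one-line comment. The enclosing filter block starts and ends outside the hunk.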
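Review bot: With the default `PERMITTED_USERS = ""` this commit adds to environment.rb, `"".split(",")` is `[]`, so the new `unless ... include?(email)` guard halts every login with 401, contradicting the "if unset, any user can log in" intent and the `PERMITTED_USERS.empty?` short-circuit used in the route filter. Mirror that short-circuit here: `unless PERMITTED_USERS.empty? || PERMITTED_USERS.split(",").map(&:strip).include?(email)`. Consider also comparing both sides with `downcase` (Gmail addresses are case-insensitive; confirm that matches how the list will be written) and returning 403 rather than 401, since the user did authenticate with the provider but is not authorized. The enclosing OpenID callback handler starts and ends outside the hunk.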
+++ b/environment.rb
@@ -33,3 +33,7 @@
 # The number of resque workers to spawn
 RESQUE_WORKERS = 2
+
+# A comma-separated list of permitted users, to restrict access to barkeep. If unset, any user can log in
+# via their Gmail account. This feature is a work in progress and not ready for general use; see #361.
+PERMITTED_USERS = ""
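Review bot: The comment says "if unset", but `PERMITTED_USERS` is a Ruby constant that the server calls `.empty?` and `.split(",")` on, so it must always be a String and the empty string is the only form of "unset" that works; `nil` would raise on login. That empty default also fails open, which the comment should say plainly: `# Must be a String. Empty (the default) disables the restriction entirely: any Google account may log in.`. If the other settings in this file are sourced from the environment, as the OPENID_PROVIDERS comment in barkeep_server.rb suggests, `ENV["PERMITTED_USERS"] || ""` would let deployments set the list without editing this file — verify against how environment.rb is actually loaded.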