diff --git a/src/lib/auth-helper.ts b/src/lib/auth-helper.ts
new file mode 100644
index 00000000..97d31a9f
--- /dev/null
+++ b/src/lib/auth-helper.ts
@@ -0,0 +1,25 @@
+/**
+ * Redirects the user to the SSO login page with loop protection.
+ *
+ * This function checks a session storage timestamp to ensure that redirects
+ * do not happen too frequently (blocking infinite redirect loops).
+ */
+export const redirectToSSO = () => {
+  if (typeof window === 'undefined') return;
+
+  const lastRedirect = sessionStorage.getItem('auth_redirect_timestamp');
+  const now = Date.now();
+
+  // Loop protection: allow redirect only if last one was > 2 seconds ago
+  // or if no redirect has happened yet.
+  if (!lastRedirect || now - parseInt(lastRedirect, 10) > 2000) {
+    sessionStorage.setItem('auth_redirect_timestamp', now.toString());
+    // const ssoLoginUrl = `${process.env.NEXT_PUBLIC_SSO_LOGIN_URL as string}?redirect_url=${window.location.href}`;
+
+    const ltiSsoStart = `${process.env.NEXT_PUBLIC_API_BASE_URL as string}/sso/start?client_id=${process.env.NEXT_PUBLIC_CLIENT_ID as string}&redirect_url=${window.location.href}`;
+    const ssoLoginUrl = `${process.env.NEXT_PUBLIC_SSO_LOGIN_URL as string}?redirect_url=${ltiSsoStart}`;
+    window.location.href = ssoLoginUrl;
+  } else {
+    console.error('Redirect loop detected. Aborting redirect.');
+  }
+};