diff --git a/pact4s/src/test/scala/org/broadinstitute/dsde/workbench/sam/MockTestSupport.scala b/pact4s/src/test/scala/org/broadinstitute/dsde/workbench/sam/MockTestSupport.scala
index c10db52af..d5e925c79 100644
--- a/pact4s/src/test/scala/org/broadinstitute/dsde/workbench/sam/MockTestSupport.scala
+++ b/pact4s/src/test/scala/org/broadinstitute/dsde/workbench/sam/MockTestSupport.scala
@@ -4,7 +4,7 @@ import akka.actor.ActorSystem
 import akka.http.scaladsl.model.StatusCodes
 import akka.http.scaladsl.model.headers.OAuth2BearerToken
 import akka.http.scaladsl.server.{Directive, Directive0, Directive1}
-import akka.http.scaladsl.server.Directives.{complete, extractRequest, onSuccess, optionalHeaderValueByName}
+import akka.http.scaladsl.server.Directives.{complete, extractRequest, onSuccess, optionalHeaderValueByName, provide}
 import akka.stream.Materializer
 import cats.effect._
 import cats.effect.unsafe.implicits.global
diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/SamUserDirectives.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/SamUserDirectives.scala
index 04ef056ff..dc575a7f3 100644
--- a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/SamUserDirectives.scala
+++ b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/SamUserDirectives.scala
@@ -55,8 +55,7 @@ trait SamUserDirectives {
   // was added so we can do the "isAdmin calculation" in the routes, just like we've always done it, but then pass this
   // data into the Services to let them make their own authz determination.  If we can change the way we define admins
   // from _not_ depending on Google, then we may be able to get rid of this directive.
-  def isWorkbenchAdmin(samUser: SamUser): Directive1[Boolean] =
-    onSuccess(cloudExtensions.isWorkbenchAdmin(samUser.email))
+  def isWorkbenchAdmin(samUser: SamUser): Directive1[Boolean]
 
   def asAdminServiceUser: Directive0
 
diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/StandardSamUserDirectives.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/StandardSamUserDirectives.scala
index 36108ff31..d76fc97be 100644
--- a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/StandardSamUserDirectives.scala
+++ b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/StandardSamUserDirectives.scala
@@ -64,6 +64,9 @@ trait StandardSamUserDirectives extends SamUserDirectives with LazyLogging with
     SamUser(genWorkbenchUserId(System.currentTimeMillis()), googleSubjectId, oidcHeaders.email, azureB2CId, false)
   }
 
+  override def isWorkbenchAdmin(samUser: SamUser): Directive1[Boolean] =
+    onSuccess(cloudExtensions.isWorkbenchAdmin(samUser.email))
+
   /** Utility function that knows how to convert all the various headers into OIDCHeaders
     */
   private def requireOidcHeaders: Directive1[OIDCHeaders] =
diff --git a/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/MockSamRoutesBuilder.scala b/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/MockSamRoutesBuilder.scala
index be872ae98..764cd629a 100644
--- a/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/MockSamRoutesBuilder.scala
+++ b/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/MockSamRoutesBuilder.scala
@@ -1,7 +1,7 @@
 package org.broadinstitute.dsde.workbench.sam.api
 
 import akka.actor.ActorSystem
-import akka.http.scaladsl.server.Directives.{onSuccess, reject}
+import akka.http.scaladsl.server.Directives.{onSuccess, provide, reject}
 import akka.http.scaladsl.server._
 import akka.stream.Materializer
 import cats.effect.IO
@@ -145,9 +145,13 @@ class MockSamRoutesBuilder(allUsersGroup: WorkbenchGroup)(implicit system: Actor
       }
 
       override def extensionRoutes(samUser: SamUser, samRequestContext: SamRequestContext): Route = reject
+
       implicit val errorReportSource: ErrorReportSource = ErrorReportSource("test")
-      override def asAdminServiceUser: Directive0 = if (asServiceAdminUser) Directive.Empty
-      else reject(AuthorizationFailedRejection)
+
+      override def asAdminServiceUser: Directive0 =
+        if (asServiceAdminUser) Directive.Empty else reject(AuthorizationFailedRejection)
+
+      override def isWorkbenchAdmin(samUser: SamUser): Directive1[Boolean] = provide(asServiceAdminUser)
     }
   }
 }
diff --git a/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/MockSamUserDirectives.scala b/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/MockSamUserDirectives.scala
index 3b738b870..2d787bf66 100644
--- a/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/MockSamUserDirectives.scala
+++ b/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/MockSamUserDirectives.scala
@@ -29,4 +29,6 @@ trait MockSamUserDirectives extends SamUserDirectives {
     case None => failWith(new Exception("samUser not specified"))
     case Some(u) => provide(u)
   }
+
+  override def isWorkbenchAdmin(samUser: SamUser): Directive1[Boolean] = provide(false)
 }