First Login
This guide walks you through signing up and logging in to the Ema platform for the first time.
Authentication Methods
Ema supports several authentication methods. The method available to you depends on how your workspace administrator configured the domain.
| Method | Description |
|---|---|
| SSO (Single Sign-On) | Your organization's identity provider (e.g., Okta, Azure AD) handles authentication. Ema redirects you to your IdP login page. |
| Email + Magic Link | Ema sends a one-time login link to your email. Click the link to authenticate -- no password required. |
| Email + OTP | Ema sends a 6-character one-time passcode to your email. Enter it on the verification screen. |
| Google OAuth | Sign in with your Google account. Available unless your workspace administrator has disabled Google login. |
| Microsoft Azure AD | Sign in via Microsoft's identity platform. Requires your organization to register Ema as an Azure AD application. |
Your workspace administrator determines which methods are enabled. If you are unsure which method to use, enter your email on the login page -- Ema will route you to the correct flow automatically.
Step-by-Step: First Login
1. Navigate to the Login Page
Open your browser and go to your Ema instance URL. This is typically one of:
https://app.ema.co(production)- A custom domain provided by your organization (e.g.,
https://yourcompany.ema.co)
You will see the "Let's get started" page with an email input field.
2. Enter Your Email
Type the email address your administrator invited you with and click Continue.
Ema checks your email against the workspace configuration and determines the appropriate login method:
- SSO domains -- You are redirected to your organization's identity provider.
- OTP-enabled domains -- A 6-character one-time passcode is sent to your email.
- Magic-link domains -- A temporary login link is sent to your email.
3. Complete Verification
If you are redirected to SSO:
- Authenticate with your identity provider as usual.
- You are redirected back to Ema automatically.
If you received an OTP:
- Check your email for a message from Ema containing a 6-character code.
- Enter the code on the verification screen.
- Click Verify OTP.
If you do not receive the OTP within a few minutes, click Request new OTP. There is a cooldown period between requests (typically 60 seconds). After too many failed attempts, your account may be temporarily locked for security.
If you received a magic link:
- Check your email for a message from Ema.
- Click the login link in the email.
- You are authenticated and redirected to the platform.
4. Sign in with Google (Alternative)
If your workspace has Google login enabled, you can skip the email entry and click Continue with Google directly. This opens the standard Google OAuth consent screen.
5. Sign in with Microsoft Azure AD
For organizations using Microsoft Azure AD, the SSO flow redirects you to Microsoft's login page. Authenticate with your Microsoft credentials and you are redirected back to Ema.
Azure AD integration requires that your IT administrator has registered Ema as an application in your Azure AD tenant. Contact your IT team if you see an "access denied" error.
Onboarding Flow (First-Time Users)
After your first successful authentication, Ema walks you through a brief onboarding sequence:
- What's your name -- Enter your first and last name. This is used to identify you in conversations and audit logs.
- Welcome -- A landing page that introduces the platform and directs you to the AI Employees dashboard.
After completing onboarding, you land on the AI Employees page, where you can see any AI Employees shared with you and -- if you are an admin -- create new ones.
Returning Users
On subsequent visits, Ema remembers your authentication method. Enter your email and you are routed to the same login flow. Sessions persist via token-based authentication; you remain logged in until the token expires (approximately 24 hours).
Troubleshooting
| Problem | Resolution |
|---|---|
| "Email not found" error | Your email has not been added to the workspace. Ask your administrator to invite you via Workspace Settings > Users. |
| OTP not arriving | Check your spam folder. If still missing, wait for the cooldown timer and request a new OTP. |
| "Access denied" after SSO | Your identity provider may not have granted access to the Ema application. Contact your IT team. |
| "Passwordless login is disabled" | Your domain is configured for a different login method. Try SSO or contact your administrator. |
| Account locked after too many OTP attempts | Wait for the lock period to expire (typically 15 minutes), then request a new OTP. |