Emma supports two ways to log in:
Single sign-on (SSO): Log in using your Microsoft or Google account. This is the recommended method for most organizations.
Email and OTP: Enter your email address and Emma will send you a one-time password (OTP) — a 6-digit access code — to your inbox. Use this code to complete your login.
Microsoft login: "Need admin approval"
If you see a Need admin approval screen when trying to log in with your Microsoft account, it means your organization's Microsoft admin has not yet approved Emma as an application for your tenant. Your Microsoft admin can resolve this in one of two ways: Option 1 — Admin logs in and approves for the whole organization
Ask your Microsoft admin to log in to Emma using their own Microsoft account. During the Microsoft authorization flow, they will be prompted to approve Emma for the entire organization. Once approved, everyone in your organization can log in with their Microsoft accounts immediately.
Option 2 — Configure approval in Microsoft Entra ID
Your Microsoft admin can grant tenant-wide admin consent directly in Microsoft Entra ID using this guide. This also lets the admin control who in the organization can access Emma.
If you don't know who your Microsoft admin is, or you need access right away, you can always log in using Email and OTP instead — enter your email address and Emma will send you a 6-digit code to your inbox.
---
Google login: "Access denied" or "This app is blocked"
If you see an Access denied or This app is blocked screen when trying to log in with your Google account, your organization's Google Workspace admin has restricted third-party app access and Emma has not yet been approved.
Your Google Workspace admin can allow Emma in the Google Admin Console:
Go to Google Admin Console → Security → Access and data control → API controls.
Click Manage third-party app access.
Click Add app → OAuth App Name Or Client ID and search for Emma Legal.
Select Emma and set access to Trusted (or Limited if you want to restrict to specific organizational units).
Save. Users in your organization can now sign in with Google immediately.
If your Google admin is unavailable, you can always log in using Email and OTP instead — enter your email address and Emma will send you a 6-digit code to your inbox.
---
Email OTP sign-in experience
When you choose to sign in using email, you will:
Enter your email address.
Emma will send a 6-digit code to your email and show a "Check your email" heading, along with a message confirming:
We've sent a 6-digit code to [email protected]
Underneath the heading, you'll see a "Wrong email? Change it" link. If you click it, you'll return to the email entry step with your previously entered address pre-filled.
Enter the 6-digit OTP from your inbox to complete sign-in.
If you need to resend the code
You can request a new code directly from the OTP entry screen. If the new code is sent successfully, an inline message will confirm:
A new code has been sent to [email protected]
If there is an error resending the code, you'll see a notification at the bottom explaining the issue. The resend cooldown timer will not restart if there's an error.
Not receiving your OTP?
If you requested an OTP but it hasn't arrived, check the following: 1. Check your spam or junk folder
Security emails can sometimes be misidentified as spam. Search your spam or junk folder for an email from [email protected] and move it to your inbox if you find it there.
2. Sync your mailbox
Some mail clients (such as Microsoft Outlook on desktop) do not fetch new messages in real time. Try manually refreshing or syncing your inbox before requesting a new OTP.
3. Request a new code
OTP codes expire after a few minutes. If yours has expired, go back to the login screen and request a new one.
Email stuck in quarantine? (for IT and email admins)
In organizations with strict email security policies, automated emails like OTPs can be held in quarantine before they reach the recipient's inbox. If users consistently cannot receive their login emails, your IT or email administrator should check whether messages from [email protected] are being quarantined.
To permanently resolve this, we recommend allowlisting the sender address [email protected] or the domain insights-emma.com in your email security platform.
Below are direct links to the quarantine management consoles and documentation for the most common platforms:
Microsoft 365 (Defender for Office 365)
Go directly to the quarantine page: https://security.microsoft.com/quarantine
Find the held message on the Email tab, select it, and click Release. For messages that can only be released by an admin, select Release email from the details panel.
Full admin guide: Manage quarantined messages and files as an admin
Google Workspace (Gmail)
Go directly to the moderation tool: https://admin.google.com/ac/moderation
Locate the held message, check the box next to it, and click Allow to release it to the recipient.
Full admin guide: Manage quarantined messages in Google Workspace
Mimecast
In the Mimecast Administration Console, navigate to Administration > Gateway > Held Messages. Select the message and choose Release from the action menu.
Full admin guide: Held Messages - Monitoring
Proofpoint Essentials
Log in to your Proofpoint Essentials Admin Console (use the URL for your stack, e.g. https://eu1.proofpointessentials.com for EU or https://us1.proofpointessentials.com for US). Go to Tools > Log Search, filter by Status: Quarantined, find the message, and select Actions > Release from Quarantine.
If you need additional help logging in or you encounter any other problem, don't hesitate to reach out to us through the chat bubble in the bottom right or contact [email protected].