diff --git a/lib/Provider/AtLoginProvider.php b/lib/Provider/AtLoginProvider.php
new file mode 100644
index 0000000..5667c0d
--- /dev/null
+++ b/lib/Provider/AtLoginProvider.php
@@ -0,0 +1,70 @@
+myUser = $myUser;
+ $this->mySecret = $mySecret;
+ $this->emailService = $EmailService;
+ $this->occonfig = $occonfig;
+ $this->registry = $registry;
+ $this->provider = $provider;
+ $this->stateStorage = $stateStorage;
+ }
+
+ private function setEnabledActivity() {
+ $isEnforced = $this->occonfig->getSystemValue('twofactor_enforced');
+ if ($isEnforced) {
+ $this->registry->enableProviderFor($this->provider, $this->myUser);
+ }
+ }
+
+ public function getBody(): Template {
+ if($this->myUser->getEMailAddress() === null) {
+ return new Template('twofactor_email', 'error_email_empty');
+ }
+ try {
+ $this->emailService->send($this->myUser, $this->mySecret);
+ } catch (\Exception $ex) {
+ return new Template('twofactor_email', 'error');
+ }
+ $this->setEnabledActivity();
+ $this->stateStorage->persist(
+ State::verifying($this->myUser, $this->mySecret)
+ );
+ $tmpl = new Template('twofactor_email', 'challenge_forFirstConfig');
+ $tmpl->assign('emailAddress', $this->myUser->getEmailAddress());
+ return $tmpl;
+ }
+}
diff --git a/lib/Provider/Email.php b/lib/Provider/Email.php
index e6ed571..4f197f0 100644
--- a/lib/Provider/Email.php
+++ b/lib/Provider/Email.php
@@ -8,7 +8,8 @@
 use OCA\TwoFactorEmail\Service\Email as EmailService;
 use OCA\TwoFactorEmail\Service\StateStorage;
 use OCA\TwoFactorEmail\Settings\PersonalSettings;
-
+use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
+use OCP\Authentication\TwoFactorAuth\ILoginSetupProvider;
 use OCP\Authentication\TwoFactorAuth\IPersonalProviderSettings;
 use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Authentication\TwoFactorAuth\IProvidesIcons;
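Review bot: In `AtLoginProvider::getBody()`, `setEnabledActivity()` runs as soon as the mail is sent, so under enforcement `enableProviderFor` marks the provider enabled for the user while the persisted state is still `State::verifying` and the code has never been checked. I would move that call to the place where the submitted code is verified (not part of this hunk), so an address that cannot receive mail does not end up as the account's active second factor. In `setEnabledActivity()`, `if ($isEnforced)` tests truthiness; if `twofactor_enforced` holds the string `'false'`, which is how Nextcloud core appears to store it, the branch still runs, so compare explicitly: `$this->occonfig->getSystemValue('twofactor_enforced', 'false') === 'true'`. The `catch (\Exception $ex)` in `getBody()` discards the exception; logging it before returning the error template would keep mail failures visible to the administrator. The class header and constructor signature are missing from the visible lines of this hunk.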
@@ -20,8 +21,11 @@
 use OCP\IUser;
 use OCP\Security\ISecureRandom;
 use OCP\Template;
+use OCP\AppFramework\IAppContainer;
+use OCP\IConfig as OCCONFIG;
+use OCP\Authentication\TwoFactorAuth\IRegistry;
-class Email implements IProvider, IProvidesIcons, IProvidesPersonalSettings {
+class Email implements IProvider, IProvidesIcons, IProvidesPersonalSettings, IActivatableAtLogin {
 public const STATE_DISABLED = 0;
 public const STATE_VERIFYING = 1;
 public const STATE_ENABLED = 2;
@@ -53,7 +57,10 @@ public function __construct(EmailService $emailService,
 ISecureRandom $secureRandom,
 IL10N $l10n,
 IInitialStateService $initialStateService,
- IURLGenerator $urlGenerator) {
+ IURLGenerator $urlGenerator,
+ IAppContainer $container,
+ OCCONFIG $occonfig,
+ IRegistry $registry) {
 $this->emailService = $emailService;
 $this->stateStorage = $stateStorage;
 $this->session = $session;
@@ -61,6 +68,9 @@ public function __construct(EmailService $emailService,
 $this->l10n = $l10n;
 $this->initialStateService = $initialStateService;
 $this->urlGenerator = $urlGenerator;
+ $this->container = $container;
+ $this->occonfig = $occonfig;
+ $this->registry = $registry;
 }
 private function getSessionKey(): string {
@@ -142,10 +152,14 @@ public function getPersonalSettings(IUser $user): IPersonalProviderSettings {
 }
 public function getLightIcon(): String {
- return $this->urlGenerator->imagePath(Application::APP_NAME, 'app.svg');
+ return $this->urlGenerator->imagePath(Application::APP_NAME, 'app.svg') ?? '';
 }
 public function getDarkIcon(): String {
- return $this->urlGenerator->imagePath(Application::APP_NAME, 'app-dark.svg');
+ return $this->urlGenerator->imagePath(Application::APP_NAME, 'app-dark.svg') ?? '';
+ }
+
+ public function getLoginSetup(IUser $user): ILoginSetupProvider {
+ return new AtLoginProvider($user, $this->getSecret(), $this->emailService, $this->occonfig, $this->registry, $this, $this->stateStorage);
 }
 }
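Review bot: The constructor now accepts `IAppContainer $container` and stores it in `$this->container`, but none of the hunks shown here reads it; keeping the whole container in an authentication provider gives it a path to every registered service, so I would drop the parameter unless code outside the diff needs it. The three new assignments (`$this->container`, `$this->occonfig`, `$this->registry`) have no property declarations in the visible lines; if they are not declared elsewhere in the class they become dynamic properties, which PHP 8.2 deprecates. The alias `OCCONFIG` for `OCP\IConfig` reads like a constant; importing it as plain `IConfig` would match the other imports.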
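Review bot: `getLoginSetup()` passes whatever `$this->getSecret()` returns into `AtLoginProvider`, which mails it and persists it through `State::verifying`; `getSecret()` is defined outside this hunk, so it is worth confirming that it produces a fresh value from `ISecureRandom` for each setup attempt rather than reusing one already held in the session. The method has no docblock; I would add one along the lines of `/** Builds the login-time setup step; the returned provider sends the code and stores the verifying state when its body is rendered. */`. The seven positional arguments are easy to transpose, so the `AtLoginProvider` constructor would benefit from typed parameters if it does not already have them (its signature is not visible on this page).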
diff --git a/templates/challenge_forFirstConfig.php b/templates/challenge_forFirstConfig.php new file mode 100644 index 0000000..8c91604 --- /dev/null +++ b/templates/challenge_forFirstConfig.php @@ -0,0 +1,9 @@ +<?php p($l->t('Two-Factor Email app icon')); ?> +

t('A code has been sent to your email address.')) ?>

+

t('Verify your email address to enable Two-Factor Email (for your account)')) ?>

+
+ + +
diff --git a/templates/error_email_empty.php b/templates/error_email_empty.php new file mode 100644 index 0000000..0127896 --- /dev/null +++ b/templates/error_email_empty.php @@ -0,0 +1,3 @@ +
+ t('Error: you do not have an email address set. Please use a different 2FA method or ask your administrator to set up your email address for you.')); ?> +