diff --git a/deepfence_server/handler/auth.go b/deepfence_server/handler/auth.go
index a3998bcfbc..4811a6c41a 100644
--- a/deepfence_server/handler/auth.go
+++ b/deepfence_server/handler/auth.go
@@ -150,6 +150,17 @@ func (h *Handler) LoginHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	loginRequest.Email = strings.ToLower(loginRequest.Email)
 	ctx := directory.NewContextWithNameSpace(directory.FetchNamespace(loginRequest.Email))
+
+	// if it is a fresh setup, there won't be any users in the system
+	freshSetup, err := model.IsFreshSetup(ctx)
+	if err != nil {
+		h.respondError(err, w)
+		return
+	}
+	if freshSetup {
+		h.respondError(&NotFoundError{errors.New("For a new console installation, registration by the user is required")}, w)
+		return
+	}
 	u, statusCode, pgClient, err := model.GetUserByEmail(ctx, loginRequest.Email)
 	if err != nil {
 		h.respondWithErrorCode(err, w, statusCode)
diff --git a/deepfence_server/model/user.go b/deepfence_server/model/user.go
index 83c6a978b2..e5417e41ae 100644
--- a/deepfence_server/model/user.go
+++ b/deepfence_server/model/user.go
@@ -350,6 +350,18 @@ func GetUserByEmail(ctx context.Context, email string) (*User, int, *postgresqlD
 	return &user, http.StatusOK, pgClient, nil
 }
 
+func IsFreshSetup(ctx context.Context) (bool, error) {
+	pgClient, err := directory.PostgresClient(ctx)
+	if err != nil {
+		return false, err
+	}
+	uc, err := pgClient.CountUsers(ctx)
+	if err != nil {
+		return false, err
+	}
+	return uc == 0, nil
+}
+
 func (u *User) LoadFromDBByEmail(ctx context.Context, pgClient *postgresqlDb.Queries) error {
 	// Set email field and load other fields from db
 	var err error