diff --git a/httpd/httpd_test.go b/httpd/httpd_test.go
index 8cf53541..30252c26 100644
--- a/httpd/httpd_test.go
+++ b/httpd/httpd_test.go
@@ -5944,6 +5944,11 @@ func TestWebAdminSetupMock(t *testing.T) {
 	rr = executeRequest(req)
 	checkResponseCode(t, http.StatusFound, rr)
 	assert.Equal(t, webAdminSetupPath, rr.Header().Get("Location"))
+	req, err = http.NewRequest(http.MethodGet, webClientLoginPath, nil)
+	assert.NoError(t, err)
+	rr = executeRequest(req)
+	checkResponseCode(t, http.StatusFound, rr)
+	assert.Equal(t, webAdminSetupPath, rr.Header().Get("Location"))
 
 	csrfToken, err := getCSRFToken(httpBaseURL + webAdminSetupPath)
 	assert.NoError(t, err)
diff --git a/httpd/webclient.go b/httpd/webclient.go
index 0b6693c4..d4886a78 100644
--- a/httpd/webclient.go
+++ b/httpd/webclient.go
@@ -253,6 +253,10 @@ func renderCredentialsPage(w http.ResponseWriter, r *http.Request, pwdError stri
 }
 
 func handleClientWebLogin(w http.ResponseWriter, r *http.Request) {
+	if !dataprovider.HasAdmin() {
+		http.Redirect(w, r, webAdminSetupPath, http.StatusFound)
+		return
+	}
 	renderClientLoginPage(w, "")
 }