Logging In

Hosted

Log in to Konstruct at konstruct.saas.civo.com using your Civo account credentials. No additional setup is required — authentication is handled through Civo SSO.

note

If your organization requires a different identity provider, you can configure additional SSO connectors after your first login. See Single Sign-On for setup instructions.

Self-Hosted

After your Konstruct instance is deployed, navigate to your instance URL to access the login page.

Konstruct uses Dex as an identity broker, allowing you to bring your own OIDC/SSO provider. You can log in via SSO or with local credentials. For your initial login, you'll need to login with kbot so that you can configure your OIDC details.

Default Login with kbot

note

This section applies to Self-Hosted installations only. Hosted users authenticate via Civo SSO.

This account is created automatically during installation, but will require you to establish and encrypt its initial password.

To create the kbot password:

1. Create a bcrypt hash script on your local machine:

curl -sL https://konstruct.civo.com/docs/scripts/bcrypt_hash.sh -o bcrypt_hash.sh
chmod +x bcrypt_hash.sh

1. Generate a bcrypt hash for your desired password:

./bcrypt_hash.sh -create -password 'your-secure-password'

This outputs a hash like $2a$10$... that you'll use in the next step.

1. Update the kbot password hash in your Dex configuration:

kubectl edit secret -n dex dex-config

Find the staticPasswords section and update the hash value for the kbot user.

1. Restart Dex to apply the changes:

kubectl rollout restart deployment -n dex dex

1. Log in to Konstruct using username kbot and the password you chose.

tip

You can verify your password against an existing hash:

./bcrypt_hash.sh -verify -password 'your-password' -hash '$2a$10$...'

Configuring SSO

Once logged in, configure your identity provider to enable SSO for your team. See Single Sign-On for setup instructions.