Sign In
Retrieve your SSO login credentials and sign in to the BoltMCP dashboard, docs, and Keycloak admin console.
Once you've installed BoltMCP and set up ingress, run this script to retrieve your SSO login credentials:
#!/usr/bin/env bash
set -euo pipefail
if [ $# -lt 1 ] || [ -z "$1" ]; then
echo "Usage: $0 <GLOBAL_DOMAIN>" >&2
echo "Please provide your global.domain, e.g. boltmcp.example.com" >&2
exit 1
fi
GLOBAL_DOMAIN=$1
echo "BoltMCP dashboard: https://web.${GLOBAL_DOMAIN}"
echo "BoltMCP docs: https://web.${GLOBAL_DOMAIN}/docs"
echo "Keycloak admin: https://auth.${GLOBAL_DOMAIN}/admin/boltmcp/console/"
echo "Username: boltmcp_admin"
printf "Password: "
kubectl get secret boltmcp-auth -n boltmcp \
-o jsonpath='{.data.boltmcp-admin-password}' | base64 -d
echoThis shows the initial password set at deployment time. If you've since updated the password in Keycloak, the value printed here will be stale.
The script output includes links to three websites from your deployment:
1. BoltMCP Dashboard
Click the link to the BoltMCP dashboard in the script output and sign in via Keycloak with the given credentials. This dashboard is where you'll create and manage your MCP servers.
2. BoltMCP Documentation
The docs are linked from the dashboard's sidebar. They're distinct from these install docs. They give instruction on how to use the dashboard, how to manage authorization and how to connect MCP clients to your MCP servers.
3. Keycloak Admin Console
The admin console is also linked from the dashboard's sidebar. This is where you'll manage users, OAuth clients and connection to any other identity providers.
OAuth Clients
As well as the Keycloak defaults, the BoltMCP Keycloak realm should already contain the following clients which are fundamental for the platform to function:
boltmcp-web- for the dashboard to authenticate usersboltmcp-mcp-server- for the MCP servers to authenticate users and agentsboltmcp-rest-api- for the internal API to verify tokens
In addition, one client is pre-configured to streamline your first server setup:
boltmcp-mcp-server-to-rest-api- for your first MCP server to authenticate users with the internal API, so that Claude can use the API
MCP clients such as Claude don't need a pre-configured client: they register themselves via the realm's CIMD client policies when connecting.
Realms
Everything related to BoltMCP lives in the boltmcp Keycloak realm, including the clients above and the boltmcp_admin user.
The admin console base URL e.g. https://auth.<global.domain> automatically redirects to the master realm, not the BoltMCP realm. Use the link in the BoltMCP dashboard sidebar to open the BoltMCP realm.
For an evaluation deployment you shouldn't need access to the master realm. But for completeness, here are the master realm admin credentials:
#!/usr/bin/env bash
set -eo pipefail
echo "Username: master_admin"
printf "Password: "
kubectl get secret boltmcp-auth -n boltmcp \
-o jsonpath='{.data.keycloak-admin-password}' | base64 -d
echo