Version: 0.2

Single Sign-On

One of the first things you'll want to do after connecting to Konstruct is set up your SSO so that you can log in as yourself and invite your team to your new Organization.

Microsoft Entra Configuration

Select Microsoft Entra ID as your identity provider Type.

Enter your Client ID and Client Secret from your Microsoft Entra configuration.

Next enter the Redirect URI for your Konstruct cluster's dex instance.

Last you'll have to enter your Tenant value and hit Save.

Troubleshooting

Large Azure AD Groups

If you belong to more than 1000 Azure AD groups, you may experience login issues due to cookie size limitations.

Symptoms:

Login fails with timeout or cookie errors
Authentication redirects in loops
"Session expired" messages

Solutions:

Ask your Azure AD administrator to reduce your group memberships
Use service accounts with fewer group assignments for automation

Note: Konstruct 0.2 includes improvements for handling large Azure AD group memberships. Contact support for assistance with specific configuration.

Next Step

Now that you've configured your SSO for your Konstruct instance, you can map your groups to our Konstruct roles when you create an Organization.

Single Sign-On​

Microsoft Entra Configuration​

Troubleshooting​

Large Azure AD Groups​

Next Step​

Single Sign-On

Microsoft Entra Configuration

Troubleshooting

Large Azure AD Groups

Next Step