First Login & Security Setup
After starting MosBot OS for the first time, complete these steps to secure your installation.
1. Log in
Open http://localhost:5173 (or your configured dashboard URL) and log in with:
- Email: the value of
BOOTSTRAP_OWNER_EMAILfrom your.env - Password: the value of
BOOTSTRAP_OWNER_PASSWORDfrom your.env
2. Remove the bootstrap password
The BOOTSTRAP_OWNER_PASSWORD variable is only needed for the very first startup. Once you've
logged in successfully:
-
Open
mosbot-api/.env -
Remove or blank out
BOOTSTRAP_OWNER_PASSWORD:# BOOTSTRAP_OWNER_PASSWORD= # removed after first login -
Restart the API:
cd mosbot-api
docker compose restart api
# or: make restart (if available)
This prevents the bootstrap password from being used to reset or recreate the owner account.
3. Change your password
It's good practice to change the bootstrap password to something you've chosen yourself:
- In the dashboard, go to Settings → Users
- Find your account and click Edit
- Set a new strong password
4. Invite additional users
If you have team members who need access:
- Go to Settings → Users
- Click Add User
- Assign an appropriate role:
| Role | Access level |
|---|---|
| Owner | Full access, including user management and system settings |
| Admin | Full access except user management |
| User | Read/write access to tasks and workspaces |
| Agent | Agent-level access (used for AI agent accounts) |
See Security → Roles & Permissions for the full permissions matrix.
5. Connect OpenClaw
If you installed OpenClaw as recommended, add the integration variables to your .env to enable
agent monitoring, workspace browsing, and org chart features:
OPENCLAW_WORKSPACE_URL=http://localhost:8080
OPENCLAW_WORKSPACE_TOKEN=your-workspace-token
OPENCLAW_GATEWAY_URL=http://localhost:18789
OPENCLAW_GATEWAY_TOKEN=your-gateway-token
Then restart the API:
cd mosbot-api
docker compose restart api
See OpenClaw Integration for the full setup guide.
Production checklist
Before exposing MosBot OS to the internet, review the Production Checklist.