Add an OAuth or OIDC identity provider

Follow the procedures below to use the Confluent Cloud Console to configure an OAuth 2.0 identity provider (IdP) and identity pool.

To use the Confluent Cloud APIs to create, read, update, list, and delete identity providers, see Identity Providers (iam/v2).

Add an identity provider using Confluent Cloud Console

Required RBAC roles: OrganizationAdmin

You can use the Confluent Cloud Console to configure an OAuth 2.0 identity provider with one of the following options: Azure AD, Okta, or another OIDC identity provider.

To configure an OAuth 2.0 identity provider:

  1. In Confluent Cloud Console, go to the Identity providers tab under Accounts & access at http://confluent.cloud/settings/org/identity_providers.

  2. Click Add identity providers.

  3. Select the OIDC identity provider type and click Next.

  4. Click Azure AD, Okta or Other OIDC identity provider and complete the fields.

    Name

    Enter a meaningful name for your Azure AD identity provider.

    Description

    Enter meaningful information for using and managing this provider.

    Tenant ID

    Enter the tenant identifier.

    Import from OIDC Discovery URL

    Click to import metadata required to configure your OIDC provider. This option adds the OIDC Discovery URL and automatically fills the JWKS URI and Issuer URI fields.

    JWKS URI

    Enter the URI for JSON Web Key Set (JWKS).

    A JSON Web Key Set (JWKS) is a set of keys containing the public keys used to verify any JSON Web Token (JWT) issued by your Azure AD identity provider.

    Issuer URI

    Enter the issuer URI for your Azure AD authorization server.

    The issuer URI is a unique string that identifies the entity that issues tokens.

  5. Click Validate and save. The Accounts & access page appears, displaying the Identity providers tab. Your new identity provider displays with the Status “Enabled”.

  6. Click on your new identity provider. A details page appears, showing a summary listing of your identity provider name, description, issuer URI, and JWKS URI.

You have successfully created your identity provider, but you need to set up an identity pool to use your new identity provider.
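
The following Python example is added here and is not Confluent's code. It checks the values that Import from OIDC Discovery URL fills in (Issuer URI and JWKS URI) before you click Validate and save: the issuer must match the discovery URL, both URIs must be absolute https URLs, and the JWKS must publish only public signing keys. The host names, the TENANT-ID placeholder, the key values, and the function name check_provider_metadata are constructed for illustration.

```python
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample metadata; hosts, tenant ID and key values are placeholders.
SAMPLE_DISCOVERY_URL = "https://login.example.com/TENANT-ID/v2.0" + WELL_KNOWN
SAMPLE_DISCOVERY_DOC = json.dumps({
    "issuer": "https://login.example.com/TENANT-ID/v2.0",
    "jwks_uri": "https://login.example.com/TENANT-ID/discovery/v2.0/keys",
})
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "use": "sig", "kid": "constructed-key-1",
     "n": "AQAB", "e": "AQAB"},
]})


def check_provider_metadata(discovery_url, discovery_json, jwks_json):
    """Return (issuer_uri, jwks_uri, problems) for the imported values."""
    doc = json.loads(discovery_json)
    issuer, jwks_uri = doc.get("issuer", ""), doc.get("jwks_uri", "")
    problems = []
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end with " + WELL_KNOWN)
    # OIDC Discovery: the issuer must equal the discovery URL with the
    # well-known suffix removed, otherwise tokens may come from another party.
    elif issuer != discovery_url[: -len(WELL_KNOWN)]:
        problems.append("issuer does not match the discovery URL")
    for name, value in (("issuer", issuer), ("jwks_uri", jwks_uri)):
        parsed = urlparse(value)
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(name + " is not an absolute https URL")
    all_keys = json.loads(jwks_json).get("keys", [])
    # Keep only asymmetric public keys usable for verifying JWT signatures.
    signing = [k for k in all_keys
               if k.get("kty") in ("RSA", "EC") and k.get("use", "sig") == "sig"]
    if not signing:
        problems.append("JWKS has no usable signing key")
    # "d" is the private parameter of RSA and EC keys; it must never be published.
    if any("d" in k for k in all_keys):
        problems.append("JWKS exposes private key material")
    return issuer, jwks_uri, problems


if __name__ == "__main__":
    print(check_provider_metadata(
        SAMPLE_DISCOVERY_URL, SAMPLE_DISCOVERY_DOC, SAMPLE_JWKS))
```

An empty problems list means the Issuer URI and JWKS URI are consistent with the discovery document and safe to enter in the console fields.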