Authenticate to Confluent Cloud resources

Confluent Cloud resources are secured by default. You must authenticate to access them. The topics in this section cover ways you can authenticate to Confluent Cloud and your resources using API keys, OAuth, or SAML single sign-on (SSO).

Use API Keys

Confluent Cloud API keys are used to control access to Confluent Cloud components and resources. Each API key consists of a key and a secret. You can use the cloud API keys and resource API keys to control access to your Confluent Cloud components and services.

Use OAuth

Confluent OAuth supports the OAuth 2.0 protocol for authentication and authorization. OAuth is an open-standard protocol that grants access to supported clients using a temporary access token. Supported clients use delegated authorization to access and use Confluent Cloud resources and data on the behalf of a user or application.

Use Single Sign-on (SSO)

Confluent Cloud supports single sign-on (SSO) using your existing SAML-based identity provider (IdP). With SSO, enterprise users can log in to multiple, unrelated systems using a single user ID and password. This improves security and decreases service and troubleshooting issues associated with individual sign-ins.

Authentication Security Protections

Confluent monitors authentication attempts to Confluent Cloud local user accounts to detect anomalies and protect your Confluent Cloud resources from unauthorized access. When suspicious behavior is detected, Confluent uses security protections to safeguard your Confluent Cloud resources by preventing brute force attacks, throttling suspicious IP addresses, and preventing automated sign-up attempts.