Use Single Sign-on with Azure Marketplace

When you create a Confluent Cloud organization through Azure Marketplace, Confluent automatically enables single sign-on (SSO) for your organization based on OpenID Connect (OIDC) using the associated Microsoft Entra ID (Azure Active Directory) as the identity provider. OIDC is an authentication protocol that is built on top of the OAuth 2.0 framework for user identities.

On the Single sign-on page in the Confluent Cloud Console at https://confluent.cloud/settings/security/sso, you can:

  • Verify that SSO is enabled for your organization. You should see the following message: “You have already enabled Single Sign-on (SSO) through your Azure Active Directory and you cannot change the configuration.”
  • Get the Sign-On link for your organization. This is the URL that you can use to sign in to your Confluent Cloud organization using SSO.

Note: With SSO through Azure Marketplace, the user identification is the email address attribute in Microsoft Entra ID (Azure Active Directory). If the email address attribute is not available, the user identification is the user principal name (UPN) attribute is used as the Confluent email address identifier.

Sign in to Confluent Cloud using Azure SSO

To sign in to Confluent Cloud using Azure SSO:

  1. Go to the Sign-On link for your organization on the Single sign-on page in the Confluent Cloud Console at https://confluent.cloud/settings/security/sso.

  2. Enter your Microsoft Entra ID (Azure Active Directory) credentials.

  3. If this is your first time signing in to Confluent Cloud using Azure SSO, a Permissions requested dialog appears, requesting to:

    • Sign you in and read your profile
    • Read directory data

    These permissions allow Azure to send groups to Confluent Cloud for group mapping.

    Click Accept.

You are signed in to Confluent Cloud using Azure OIDC SSO.