Manage SSO Identity Provider for Confluent Cloud

You can manage your single sign-on (SSO) identity provider for Confluent Cloud by enabling, disabling, or switching to a new SSO identity provider.

Switch your SAML SSO identity provider

When you switch to a new SSO identity provider:

  • you must disable SSO with your current provider and then enable SSO with the new provider.
  • While you switch to a new SSO identity provider, your existing SSO accounts no longer have access to Confluent Cloud until you enable SSO with the new provider.
  • Users that need to sign in to Confluent Cloud during the migration process need to switch the authentication type to password. If a user does not have a Confluent Cloud password, they must select Forgot Password? to create a Confluent Cloud password to authenticate.

For assistance with switching to a new SSO provider and managing updates to your group mappings, contact Confluent Support.

Steps to switch your SSO identity provider

Switching to a new SSO identity provider involves the following steps:

  1. Sign in to the Confluent Cloud Console and go to the Single sign-on page at https://confluent.cloud/login/sso/.

    The Single sign-on page displays.

  2. Click Disable.

    When you disable SSO, the SSO user accounts associated with your organization cannot authenticate using your identity provider.

  3. Click Enable.

    Follow the instructions in Enable SSO using Confluent Cloud Console to enable SSO with your new provider.

Migrate group mappings

After you enable SAML SSO with your new identityt provider, review your SSO group mappings and ensure they work with your new SSO provider. For more information, see Manage Group Mappings for Confluent Cloud or contact Confluent Support.

Disable SSO

To disable SSO:

  1. In Confluent Cloud Console, open the sidebar menu and click ADMINISTRATION -> Single sign-on.

    The Single sign-on page displays.

  2. Scroll to the bottom of the Single sign-on page and click Disable.

When SSO is disabled, the SSO user accounts associated with your organization cannot authenticate using your identity provider, and must select Forgot Password? to create a Confluent Cloud password to authenticate.

To re-enable SSO, you must repeat the steps in Enable SAML Single Sign-on (SSO) for Confluent Cloud.