User Accounts for Confluent Cloud

Each user account represents a single human, and allows management of that person’s access to Confluent Cloud.

User accounts are an organization-level resource, and there is a limit on the number of user accounts in an organization.

User accounts may be local to Confluent Cloud, or authenticate via Single sign-on. Local users are uniquely identified by their email address, and authenticate using a password managed in Confluent Cloud.

User accounts are able to sign in to the Confluent Cloud Console, Confluent Cloud CLI, and may own all types of API keys.

Role-based access control roles can be applied to user accounts.

Kafka ACLs cannot be applied to user accounts. Instead, use service accounts with ACLs for accessing Kafka clusters in Confluent Cloud while limiting access to only what’s necessary.

You can create and manage user accounts using the Confluent Cloud Console or ccloud admin user CLI command.

A given user (corresponding to a specific email address) may only be a member of one organization at a time.

If your email provider supports tagging with a plus sign (+), then you can create a new user account using your existing email address with a different tag. For example, if you have an user account using myemail@gmail.com that belongs to Organization 1, and you want to collaborate with your coworker in Organization 2, your coworker could invite myemail+org2@gmail.com to Organization 2. You will be able to log in to Organization 1 with myemail@gmail.com or Organization 2 with myemail+org2@gmail.com. Alternatively, you can ask Confluent support to deactivate Organization 1, so your coworker can invite myemail@gmail.com to Organization 2.