Single Sign-On (SSO) for Confluent Control Center (Legacy)

Important

To use SSO with Confluent Control Center (Legacy) your installation must use Confluent Platform version 7.5 or later. SSO for Confluent Control Center (Legacy) using OIDC cannot be used with both on-premises Confluent Platform clusters where your Confluent Control Center (Legacy) is self-managed, and Confluent Cloud clusters, which use SAML for SSO.

You can enable Single Sign-On (SSO) for Confluent Control Center (Legacy) to offload the management of your Confluent Control Center (Legacy) users and authentication to a supported OIDC identity provider and enforce additional security controls, like multi-factor authentication (MFA).

After enabling SSO for Confluent Control Center (Legacy), your Control Center (Legacy) users go to the Confluent Control Center (Legacy) page and click Log in via SSO to sign in to Confluent Control Center (Legacy) using their SSO user credentials.

To enable SSO for Confluent Control Center (Legacy), you must configure Control Center (Legacy) to use an OpenID Connect (OIDC) identity. SSO for Confluent Cloud is supported using SAML. Note that SSO for Confluent Control Center (Legacy) cannot be used for Confluent Platform deployments where Confluent Control Center (Legacy) is self-managed, but Kafka clusters are fully managed by Confluent.

You can enable SSO for Confluent Control Center (Legacy) using one of the following methods:

• For manual configuration:

  • Configure Single Sign-on (SSO) using OIDC.

• For automated configuration:

  Confluent recommends using Confluent Ansible and Confluent for Kubernetes (CFK) to automate the configuration of SSO for Confluent Control Center (Legacy) on Confluent Platform. For more information, see:

  • Confluent Ansible: Configure single sign-on authentication for Control Center
  • CFK: Configure single sign-on authentication for Confluent Control Center