Single Sign-On (SSO) for Confluent Control Center on Confluent Platform

You can enable Single Sign-On (SSO) for Control Center to offload the management of your Control Center users and authentication to a supported OIDC identity provider and enforce additional security controls, like multi-factor authentication (MFA).

After enabling SSO for Control Center , your Control Center users go to the Control Center page and click Log in via SSO to sign in to Control Center using their SSO user credentials.

Considerations:

• To enable SSO for Control Center in Confluent Platform, you must configure Control Center to use an OpenID Connect (OIDC) identity. Note that Confluent Cloud supports SSO for Control Center using SAML and requires a different configuration for the identity provider.

• To use SSO with Control Center your installation must use Confluent Platform version 7.5 or later.
• SSO for Control Center using OIDC cannot be used with both on-premises Confluent Platform clusters where your Control Center is self-managed, and Confluent Cloud clusters, which use SAML for SSO.

You can enable SSO for Control Center using one of the following methods:

• For manual configuration:

  • Configure Single Sign-on (SSO) using OIDC.

• For automated configuration:

  Confluent recommends using Confluent Ansible and Confluent for Kubernetes (CFK) to automate the configuration of SSO for Control Center on Confluent Platform. For more information, see:

  • Confluent Ansible: Configure single sign-on authentication for Control Center
  • CFK: Configure single sign-on authentication for Confluent Control Center