Single Sign-On (SSO) for Confluent Control Center on Confluent Platform

You can enable Single Sign-On (SSO) for Confluent Control Center to offload the management of your Confluent Control Center users and authentication to a supported OIDC identity provider and enforce additional security controls, like multi-factor authentication (MFA).

After enabling SSO for Confluent Control Center, your Control Center users go to the Confluent Control Center page and click Log in via SSO to sign in to Confluent Control Center using their SSO user credentials.

To enable SSO for Confluent Control Center in Confluent Platform, you must configure Control Center to use an OpenID Connect (OIDC) identity. Note that Confluent Cloud supports SSO for Confluent Control Center using SAML and requires a different configuration for the identity provider.

You can enable SSO for Confluent Control Center using one of the following methods:

• For manual configuration:

  • Configure Single Sign-on (SSO) using OIDC.

• For automated configuration:

  Confluent recommends using Confluent Ansible and Confluent for Kubernetes (CFK) to automate the configuration of SSO for Confluent Control Center on Confluent Platform. For more information, see:

  • Confluent Ansible: Configure single sign-on authentication for Control Center
  • CFK: Configure single sign-on authentication for Confluent Control Center