Single Sign-On (SSO) for Confluent Control Center (Legacy) on Confluent Platform

Important

To use SSO with Confluent Control Center (Legacy) your installation must use Confluent Platform version 7.5 or later. SSO for Confluent Control Center (Legacy) using OIDC cannot be used with both on-premises Confluent Platform clusters where your Confluent Control Center (Legacy) is self-managed, and Confluent Cloud clusters, which use SAML for SSO.

You can enable Single Sign-On (SSO) for Confluent Control Center (Legacy) to offload the management of your Confluent Control Center (Legacy) users and authentication to a supported OIDC identity provider and enforce additional security controls, like multi-factor authentication (MFA).

After enabling SSO for Confluent Control Center (Legacy), your Control Center (Legacy) users go to the Confluent Control Center (Legacy) page and click Log in via SSO to sign in to Confluent Control Center (Legacy) using their SSO user credentials.

To enable SSO for Confluent Control Center (Legacy) in Confluent Platform, you must configure Control Center (Legacy) to use an OpenID Connect (OIDC) identity. Note that Confluent Cloud supports SSO for Confluent Control Center (Legacy) using SAML and requires a different configuration for the identity provider.

You can enable SSO for Confluent Control Center (Legacy) using one of the following methods:

• For manual configuration:

  • Configure Single Sign-on (SSO) using OIDC.

• For automated configuration:

  Confluent recommends using Confluent Ansible and Confluent for Kubernetes (CFK) to automate the configuration of SSO for Confluent Control Center (Legacy) on Confluent Platform. For more information, see:

  • Confluent Ansible: Configure single sign-on authentication for Control Center
  • CFK: Configure single sign-on authentication for Confluent Control Center