Single Sign-On (SSO) for Confluent Control Center on Confluent Platform

Important

The version of Control Center included with Confluent Platform version 7.9 and earlier is now considered legacy. Starting with Confluent Platform version 8.0, Control Center (Legacy) is being discontinued and an improved Control Center is now launched. This new and improved Control Center is available as a separate download and is the recommended alternative to Control Center (Legacy).

Important

To use SSO with Confluent Control Center your installation must use Confluent Platform version 7.5 or later. SSO for Confluent Control Center using OIDC cannot be used with both on-premises Confluent Platform clusters where your Confluent Control Center is self-managed, and Confluent Cloud clusters, which use SAML for SSO.

You can enable Single Sign-On (SSO) for Confluent Control Center to offload the management of your Confluent Control Center users and authentication to a supported OIDC identity provider and enforce additional security controls, like multi-factor authentication (MFA).

After enabling SSO for Confluent Control Center, your Control Center users go to the Confluent Control Center page and click Log in via SSO to sign in to Confluent Control Center using their SSO user credentials.

To enable SSO for Confluent Control Center in Confluent Platform, you must configure Control Center to use an OpenID Connect (OIDC) identity. Note that Confluent Cloud supports SSO for Confluent Control Center using SAML and requires a different configuration for the identity provider.

You can enable SSO for Confluent Control Center using one of the following methods: