Docs Self-Managed Manage Redpanda Console Configuration Security Authentication You are viewing the Self-Managed v24.3 beta documentation. We welcome your feedback at the Redpanda Community Slack #beta-feedback channel. To view the latest available version of the docs, see v24.2. Authentication This section pertains to Redpanda Console in a self-managed deployment, and this feature requires an Enterprise license. To upgrade, contact Redpanda sales. Redpanda Console supports authentication using OAuth 2.0 or OIDC for external identity providers, such as: AzureAD Google GitHub Keycloak Okta Generic OIDC You can use one or more login providers at the same time. To enable SSO authentication, you must create an OAuth application for your organization first. Refer to the respective documentation page for guidance to set up your desired identity provider in Redpanda Console. Afterwards, you can configure your identity provider in Redpanda Console by providing the clientId and clientSecret in the configuration block for your provider. The configuration to add Google login support looks like this: login: enabled: true # jwtSecret is the secret key you must use to sign and encrypt the JSON # web token used to store user sessions. This secret key is # critical for the security of Redpanda Console's authentication and # authorization system. Use a long, complex key with a combination of # numbers, letters, and special characters. While you must use a minimum of # 10 characters, Redpanda recommends using more than 32 # characters. For additional security, use a different secret key for # each environment. jwtSecret can be securely generated with the following # command: LC_ALL=C tr -dc '[:alnum:]' < /dev/random | head -c32 # # If you update this secret key, any users who are # already logged in to Redpanda Console will be logged out and will have # to log in again. jwtSecret: "" google: enabled: true clientId: redacted.apps.googleusercontent.com clientSecret: redacted # can be set with an environment variable # The directory config is optional. You have to configure it if you want to use # Google groups in your RBAC role bindings. # directory: # serviceAccountFilepath: /etc/secrets/google-sa.json # # targetPrincipal is the user that shall be impersonated # # for the Google Admin API calls. # targetPrincipal: admin@mycompany.com By default, users don’t have any permissions in Redpanda Console, including permission to log in. After you set up authentication, continue with the authorization configuration by reading about RBAC-based authorization. Suggested labs Enable Plain Login Authentication for Redpanda ConsoleSearch all labs Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Security Azure AD