Skip to main content
Version: 22.2

Authentication

info

This feature requires an Enterprise license. To upgrade, contact Redpanda sales.

Redpanda Console supports authentication via OAuth 2.0 or OIDC for external identity providers, such as:

You can use one or more login providers at the same time. To enable SSO authentication you must create an OAuth application for your organization first. Visit the respective documentation page for guidance to setup your desired identity provider in Console. Afterwards you can configure your identity provider in Redpanda Console by providing the clientId and clientSecret in the configuration block for your provider. The configuration to add Google login support looks like this:

login:
enabled: true
# jwtSecret is a secret that is used to sign and encrypt the JSON Web tokens
# that are used by the backend for session management.
jwtSecret: abcadsdadasdasdas
google:
enabled: true
clientId: redacted.apps.googleusercontent.com
clientSecret: redacted # can be set via environment variable
# The directory config is optional. You have to configure it if you want to use
# Google groups in your RBAC role bindings.
# directory:
# serviceAccountFilepath: /etc/secrets/google-sa.json
# # targetPrincipal is the user that shall be impersonated
# # for the Google Admin API calls.
# targetPrincipal: admin@mycompany.com

By default, users don't have any permissions in Redpanda Console. This also includes permission to login at all. Thus authentication and authorization must always be used together. Continue with the authorization configuration by reading the RBAC-based authorization concept.