UI for Apache Kafka
GithubDiscord
  • 🎓Overview
    • About
    • Features
    • Getting started
  • 🛣️Project
    • Code of Conduct
    • Roadmap
  • 🧱Development
    • Contributing
    • Setting up git
    • Building
      • Prerequisites
      • With Docker
      • Without Docker
    • WIP: Testing
  • ⚡Quick Start
    • 🔍Prerequisites
      • Kafka Permissions
        • Standalone Kafka ACLs
        • MSK (+Serverless) Setup
    • Demo run
    • AWS Marketplace
    • Persistent start
    • K8s / Helm
  • 🛠️Configuration
    • Configuration wizard
    • Configuration file
    • Compose examples
    • Helm charts
      • Quick start
      • Configuration
        • SSL example
      • Resource limits
      • Sticky sessions
    • Misc configuration properties
    • Complex configuration examples
      • Kraft mode + multiple brokers
    • Kafka w/ SSL
    • Authentication
      • Basic Authentication
      • OAuth2
      • AWS IAM
      • LDAP / Active Directory
      • SSO Guide
      • SASL_SCRAM
    • RBAC (Role based access control)
      • Supported Identity Providers
    • Data masking
    • Audit log
    • Serialization / SerDe
    • OpenDataDiscovery Integration
  • ❓FAQ
    • Common problems
    • FAQ
Powered by GitBook
On this page
  • Generic OAuth
  • Google
  • Github
  • Cognito
  • LDAP
  • Active Directory
  • Okta

Was this helpful?

Edit on GitHub
Export as PDF
  1. Configuration
  2. RBAC (Role based access control)

Supported Identity Providers

The list of supported auth mechanisms for RBAC

PreviousRBAC (Role based access control)NextData masking

Last updated 1 year ago

Was this helpful?

Generic OAuth

Any OAuth provider which is not of the list: Google, GitHub, Cognito.

Set up the auth itself first, docs and

Don't forget "custom-params.type: oauth".

      subjects:
        - provider: oauth
          type: role
          value: "role-name"

Google

Set up google auth

        - provider: oauth_google
          type: domain
          value: "memelord.lol"
        - provider: oauth_google
          type: user
          value: "kek@memelord.lol"

Github

        - provider: oauth_github
          type: organization
          value: "provectus"
        - provider: oauth_github
          type: user
          value: "memelord"

Cognito

        - provider: oauth_cognito
          type: user
          value: "zoidberg"
        - provider: oauth_cognito
          type: group
          value: "memelords"

LDAP

        - provider: ldap
          type: group
          value: "admin_staff"

Active Directory

       - provider: ldap_ad # NOT YET SUPPORTED, SEE ISSUE 3741
          type: group
          value: "admin_staff"

Okta

You can map Okta Groups to roles. First, confirm that your okta administrator has included the group claim or the groups will not be passed in the auth token.

Configure the role mapping to the okta group via generic provider mentioned above:

      subjects:
        - provider: oauth
          type: role
          value: "<okta-group-name>"

Set up github auth

Set up cognito auth

Set up LDAP auth

Not yet supported, see

Ensure roles-field in the auth config is set to groups and that groups is included in the scope, see for more details.

🛠️
here
here
first
first
first
first
Issue 3741
here