# Use OAuth/OIDC to Authenticate to StreamNative Cloud

<Note title="Note">
  OAuth/OIDC Federation is currently in Private Preview and is only available for **BYOC Pro** clusters. If you are interested in this feature, please join our [Early Access Program](https://hs.streamnative.io/early-access-program-for-streamnative).
</Note>

StreamNative Cloud uses its own OAuth2 provider for authenticating [User Accounts](/cloud/security/authentication/user-accounts) and [Service Accounts](/cloud/security/authentication/service-accounts/service-accounts). However, you may want to use your existing OAuth/OIDC-compliant identity provider (IdP) for authentication instead.

OAuth/OIDC Federation enables this capability by allowing you to configure StreamNative Cloud to authenticate users through your organization's existing OAuth/OIDC-compliant identity provider.

## Key Features

* Manage application identities and credentials through your own identity provider
* Authenticate to StreamNative Cloud resources using secure, short-lived JSON Web Tokens (JWTs)
* Leverage StreamNative's OIDC Federation service to securely integrate with your identity provider using standards-compliant tokens based on the [OAuth 2.0 Authorization Framework \[RFC 6749\]](https://tools.ietf.org/html/rfc6749) and [OpenID Connect (OIDC)](https://openid.net/connect/)
* Configure identity pools to map group memberships and other attributes to access policies (RBAC or ACLs)

## Feature availability and limitations

* This feature is in Private Preview and is currently available only for **BYOC Pro** clusters. To get access, please join our [Early Access Program](https://hs.streamnative.io/early-access-program-for-streamnative).
* Identity pools and the ACLs for identity pools can be managed only by using [`snctl`](/tools/cli/snctl/snctl-overview) or the [Cloud API](/api-references/cloudapi/cloud-api).

## OIDC Federation Flow

The following diagram illustrates the OIDC Federation flow for an organization.

<img src="https://mintcdn.com/streamnative/DYzjgCK90kxVTpdd/media/oidc-flow.png?fit=max&auto=format&n=DYzjgCK90kxVTpdd&q=85&s=d739d57bd92e84d6b2d767d9f1ceb674" alt="OIDC Federation flow" width="2016" height="1397" data-path="media/oidc-flow.png" />

The OIDC Federation process consists of these key steps:

1. **Configure OAuth/OIDC Identity Provider**:

   To use OIDC Federation, you must first establish trust between StreamNative Cloud and your identity provider by adding it as a trusted identity provider in StreamNative Cloud. This involves:

   * Defining the identity provider type
   * Creating a trust relationship between StreamNative Cloud and your identity provider
   * Adding the claims needed for authentication and authorization

2. **Create an Identity Pool and Access Policies**:

   Create an identity pool to represent a group of external identities. This allows you to assign appropriate access levels through policies.

3. **Configure Clients to Use Your Identity Provider**:

   Obtain the **Client ID** and **Client Secret** from your identity provider to configure clients for OAuth2 authentication. For more details, see [Use OAuth to Authenticate to StreamNative Cloud](/cloud/security/authentication/service-accounts/use-oauth/oauth-overview).

4. **Token Validation and Authorization**:

   StreamNative Cloud validates incoming tokens using the trusted JSON Web Key Set (JWKS), extracts the authenticated ID (`sub`) or other configured claims, and matches the authenticated identity to the appropriate identity pool for authorization.
