
Use OAuth/OIDC to Authenticate to StreamNative Cloud

Note

OAuth/OIDC Federation is currently in Private Preview and is only available for BYOC Pro clusters. If you are interested in this feature, please join our Early Access Program.

StreamNative Cloud uses its own OAuth2 provider for authenticating User Accounts and Service Accounts. However, you may want to use your existing OAuth/OIDC-compliant identity provider (IdP) for authentication instead.

OAuth/OIDC Federation enables this capability by allowing you to configure StreamNative Cloud to authenticate users through your organization's existing OAuth/OIDC-compliant identity provider.

Key Features

  • Manage application identities and credentials through your own identity provider
  • Authenticate to StreamNative Cloud resources using secure, short-lived JSON Web Tokens (JWTs)
  • Leverage StreamNative's OIDC Federation service to securely integrate with your identity provider using standards-compliant tokens based on the OAuth 2.0 Authorization Framework [RFC 6749] and OpenID Connect (OIDC)
  • Configure identity pools to map group memberships and other attributes to access policies (RBAC or ACLs)

Feature availability and limitations

  • This feature is currently available only for BYOC Pro clusters for Private Preview. To get access, please join our Early Access Program.
  • Identity pools and the ACLs for identity pools can be managed only by using snctl or the Cloud API.

OIDC Federation Flow

The following diagram illustrates the OIDC Federation flow for an organization.

OIDC Federation flow

The OIDC Federation process consists of these key steps:

  1. Configure OAuth/OIDC Identity Provider:

    To use OIDC Federation, you must first establish trust between StreamNative Cloud and your identity provider by adding it as a trusted identity provider in StreamNative Cloud. This involves:

    • Defining the identity provider type
    • Creating a trust relationship between StreamNative Cloud and your identity provider
    • Adding the claims needed for authentication and authorization

  2. Create an Identity Pool and Access Policies:

    Create an identity pool to represent a group of external identities. This allows you to assign appropriate access levels through policies.

  3. Configure Clients to Use Your Identity Provider:

    Obtain the Client ID and Client Secret from your identity provider to configure clients for OAuth2 authentication. For more details, see Use OAuth to Authenticate to StreamNative Cloud.

  4. Token Validation and Authorization:

    StreamNative Cloud validates incoming tokens against the trusted identity provider's JSON Web Key Set (JWKS), extracts the authenticated subject (the sub claim) or other configured claims, and matches the authenticated identity to the appropriate identity pool for authorization.
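The validation logic of step 4, as an added illustration that is not StreamNative's code: look the signing key up in the JWKS by kid, pin the algorithm to that key, verify the signature, check iss, aud and exp, then map a configured claim (here groups) to an identity pool. The JWKS, identity-pool shape, issuer and audience values are constructed for the example; real identity providers publish RSA keys for RS256, and a symmetric "oct" JWK is used only so the block runs on the Python standard library.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _require(cond, msg):
    if not cond:
        raise ValueError(msg)
def _as_list(v):
    return v if isinstance(v, list) else ([] if v is None else [v])

# Constructed JWKS, as an IdP publishes at its jwks_uri. Real IdPs publish RSA keys for
# RS256; a symmetric "oct" JWK (RFC 7518) is used so this runs on the standard library
# alone. Only the signature primitive differs for RS256; every other check is the same.
SECRET = b"constructed-example-key-not-for-production"
JWKS = {"keys": [{"kty": "oct", "kid": "idp-key-1", "alg": "HS256", "k": b64url_encode(SECRET)}]}

# Constructed identity pools: each maps one claim value to a pool name (hypothetical shape).
IDENTITY_POOLS = [{"name": "data-engineering", "claim": "groups", "value": "data-eng"},
                  {"name": "analysts", "claim": "groups", "value": "analytics"}]

def mint_token(claims, kid="idp-key-1"):
    # Stand-in for the IdP: signs the claims with HS256 (used only to build sample input).
    segs = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
            for p in ({"alg": "HS256", "typ": "JWT", "kid": kid}, claims)]
    sig = hmac.new(SECRET, ".".join(segs).encode(), hashlib.sha256).digest()
    return ".".join(segs + [b64url_encode(sig)])

def validate_token(token, jwks, issuer, audience, pools, now=None):
    # Verify the JWT against the JWKS, check iss/aud/exp, return sub and the matched pool.
    now = time.time() if now is None else now
    parts = token.split(".")
    _require(len(parts) == 3, "malformed token")
    h_b64, c_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    _require(key is not None, "unknown kid")
    # Pin the algorithm to the key's own, never to the header alone (rejects alg=none).
    _require(header.get("alg") == key["alg"] == "HS256", "algorithm mismatch")
    expected = hmac.new(b64url_decode(key["k"]), f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    _require(hmac.compare_digest(expected, b64url_decode(s_b64)), "bad signature")
    claims = json.loads(b64url_decode(c_b64))
    _require(claims.get("iss") == issuer, "untrusted issuer")
    _require(audience in _as_list(claims.get("aud")), "audience mismatch")
    _require(claims.get("exp", 0) > now, "token expired")
    # Map the configured claim to an identity pool; None means no pool matched (no access).
    pool = next((p["name"] for p in pools if p["value"] in _as_list(claims.get(p["claim"]))), None)
    return {"sub": claims["sub"], "pool": pool}
```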
