kPow.IO
kPow.IO
The Ultimate Engineering Toolkit for Apache Kafka®
kPow User Guide
About
Introduction
Our Team
Trials and Licenses
Releases
Support
Data Collection
Installation
Quick Start
System Requirements
Deployment Notes
Minimum ACL Permissions
Application Logs
OpenShift
AWS Marketplace
Troubleshooting
Configuration
Environment Variable Glossary
Kafka Cluster
Schema Registry
Kafka Connect
Multi-Cluster Management
Azure Event Hubs
Confluent Cloud
Redpanda
User Authentication
Overview
LdapLoginModule
PropertyFileLoginModule
JDBCLoginModule
OpenID/OAuth 2.0
SAML
Okta integration
AWS SSO integration
Azure AD integration
User Authorization
Overview
Simple Access Control
Role Based Access Control
Features
Kafka Streams
Data Governance
Data Policies
HTTPS Connections
Live Mode
Data Inspect
Prometheus Integration
Slack Integration
Kafka Management
Topics
Groups
Brokers
ACLs
Connect
Schema Registry
Powered by GitBook

Azure AD integration

Configure kPow with Azure AD as a SAML 2.0 identity provider to authenticate and authorize users.

User Authentication

Configuring Azure AD

  • Open the Azure Portal and select the directory to use for single sign-on.

  • Navigate to Enterprise Applications > Add an Application > Non-Gallery Application.

  • Pick a name for your application and click the Add button.

  • You should now be in the dashboard for the kPow application.

  • Navigate to Single Sign-On, select SAML as the single sign-on method.

Configure as follows:

Basic SAML Configuration

  • Identifier (Entity ID): set this to kPow

  • Reply URL (Assertion Consumer Service URL): Your kPow instance SAML URL, e.g:

    https://kpow.corp.com/saml

  • Leave the other fields blank

SAML Signing Certificate

Download the Federation Metadata XML file and optionally Certificate (Raw). Save these for later.

Integrate kPow and Azure AD SSO

Set the following environment variables and start kPow.

  • AUTH_PROVIDER_TYPE=saml

  • SAML_RELYING_PARTY_IDENTIFIER= The Identifier (Entity ID)

  • SAML_ACS_URL= The Reply URL (Assertion Consumer Service URL)

  • SAML_METADATA_FILE= The path to the Federation Metadata XML file, e.g.

    /var/saml/azure-metadata.xml

  • SAML_CERT=(optional) The path to the Certificate (Raw) .pem file, e.g.

    /var/certs/azure-saml-cert.cer

kPow will now authenticate users with Azure AD.

User Authorization

See the guide to Role Based Access Control for full configuration details.

Integrate Azure AD and kPow RBAC

Follow this guide to populate user.assignedroles, then setup attribute claims within your Enterprise Application configuration like so: (note the Rolesadditional claim).

Note: The default role (User) does not get passed as an assigned role in the SAMLResponse.

Previous
AWS SSO integration
Next - User Authorization
Overview
Last updated 6 months ago
Contents
User Authentication
Configuring Azure AD
Integrate kPow and Azure AD SSO
User Authorization
Integrate Azure AD and kPow RBAC