Application Configuration in Azure Portal for OAuth2 Account use in Kafka

 


 

Overview

Snaps in the Kafka Snap Pack require a Kafka OAuth2 account to access Azure resources. To authorize the accounts successfully, ensure that you create and configure two applications corresponding to the account:

  • Confluent Cloud application

  • Client application

Prerequisites

An Azure account with a free subscription to create the application.

Key Steps in the Workflow

Create Two Applications in the Azure Portal

  1. Log in to the Microsoft Azure Portal.

  2. Navigate to Azure services > Microsoft Entra ID.

  3. Navigate to Add > App registration.

  4. On the Register an application page, specify the name for registering the Confluent Cloud application, which allows client applications to claim roles in Confluent Cloud, and click Register. Learn more about creating an application at Quickstart: Register an app in the Microsoft identity platform.

To use an existing application, navigate to Portal Home > Azure Active Directory > App registrations > All applications. In the search box, specify the application name you want to use. The details of the registered application are displayed in the search list.

This application does not need the Redirect URI.

  1. Click Add an Application ID URI, which is used by the client applications to identify this application.

  2. Set the Application ID URI.

  3. Navigate to App roles:

    1. Click Create app role.

    2. Set up a Dev Admin role.

    3. Choose Applications for the Allowed member types.

    4. Specify the Value as dev.environmentAdmin.

    5. Provide a useful description of what this role is supposed to allow.

  4. Navigate to Manifest in the left navigation to ensure Azure Active Directory returns version 2 tokens on its token endpoint.

    1. Search for the accessTokenAcceptedVersion key.

    2. Update the value from null to 2, and save it.

  5. Return to the Overview and view the Endpoints, where you can copy and save the OAuth 2.0 token endpoint.

     

  6. Register the Kafka client application.

  7. Navigate to Certificates & secrets on the left navigation bar and create a new client secret.

You can copy the Client secret value only after it is generated. The value is displayed only once, so copy it then and store it securely.

  1. Navigate to API permissions > Add a permission.

  2. Select the APIs my organization uses tab.

  3. Add the roles to your client application according to your Confluent Cloud registration.

  4. Copy and save the Scope parameter from the role you added to the client application.

  5. Click Grant admin consent and confirm the grant. This completes the Azure AD configuration for the client application. You can now generate a JWT from the Azure AD OAuth 2.0 token endpoint using the Client ID, Client Secret, and Scope parameters.
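
The following is an added example, not part of the original article or of SnapLogic's or Confluent's code: a Python check that inspects the claims of a JWT returned by the token endpoint and reports which of the registration steps above was missed (token version, audience, app role). The GUID, the api:// URI and the helper names are constructed placeholders, and the aud value is assumed to be the Confluent Cloud application's client ID, as it is in v2.0 tokens.

```python
import base64
import json

REQUIRED_ROLE = "dev.environmentAdmin"  # app role Value set in the steps above


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def config_problems(jwt: str, expected_aud: str, role: str = REQUIRED_ROLE) -> list:
    """Return the registration mistakes visible in the token's claims."""
    claims = decode_claims(jwt)
    problems = []
    if claims.get("ver") != "2.0":
        problems.append("ver is %r: accessTokenAcceptedVersion is not 2" % claims.get("ver"))
    if claims.get("aud") != expected_aud:
        problems.append("aud %r does not match the Confluent Cloud application" % claims.get("aud"))
    if role not in claims.get("roles", []):
        problems.append("role %r missing: permission not added or consent not granted" % role)
    return problems


def make_sample(claims: dict) -> str:
    """Build a constructed token for the demo; the signature part is a placeholder."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return header + "." + b64url(json.dumps(claims).encode()) + "." + b64url(b"placeholder")


# Constructed sample values: the GUID and URI are placeholders, not real identifiers.
API_CLIENT_ID = "00000000-0000-0000-0000-000000000001"
GOOD = make_sample({"ver": "2.0", "aud": API_CLIENT_ID, "roles": [REQUIRED_ROLE]})
BAD = make_sample({"ver": "1.0", "aud": "api://confluent-cloud-example", "roles": []})

if __name__ == "__main__":
    print("good:", config_problems(GOOD, API_CLIENT_ID))
    for p in config_problems(BAD, API_CLIENT_ID):
        print("bad:", p)
```

This check only reads claims to confirm the configuration; it does not validate the token's signature, issuer or expiry, so it is not a substitute for the validation the token's consumer performs.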

Specify the Credentials and Validate the Snap Account

  1. Navigate to the Kafka Snap of your choice and configure the Kafka OAuth2 Account with the details from the Azure portal's registered application.

  2. Validate the Snap Account.

  3. Click Apply to save the Account configuration.

 
