> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Kafka authentication guide

export const maia = "Maia";

This is a step-by-step guide to acquiring credentials for authorizing the [Kafka](/docs/components/kafka) connector using OAuth 2.0 client credentials authentication.

***

## Prerequisites

You need an OAuth 2.0 authorization server from an identity provider—such as Auth0, Keycloak, Okta, OneLogin, or OpenID—to create an app to acquire your client ID, client secret, access token URL, and scopes. Consult the documentation for your identity provider to learn how to create an app and to acquire credentials.

***

## Add a Kafka OAuth connection

1. Log in to your [{maia} account](https://app.matillion.com/start).

2. In the left navigation, click the Projects icon.

3. Choose your project. Not set up a project yet? Read [Projects](/docs/guides/projects) to get started.

4. Click **OAuth** and then click **Add OAuth connection**.

5. Complete the fields using the reference table below.

   | Field               | Description                                                                                                                                                                                                                                                    |
   | ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | OAuth name          | A unique, descriptive name for your new Kafka OAuth connection.                                                                                                                                                                                                |
   | Provider            | Choose `Kafka` or `Kafka Confluent Cloud`, depending on your setup.                                                                                                                                                                                            |
   | Authentication Type | Choose `OAuth 2.0 Client Credentials`.                                                                                                                                                                                                                         |
   | Client ID           | The client ID of your app created in your identity provider.                                                                                                                                                                                                   |
   | Client Secret       | The client secret of your app created in your identity provider.                                                                                                                                                                                               |
   | Access Token URL    | The access token URL from your identity provider.                                                                                                                                                                                                              |
   | Scope               | The name of a scope set up in your identity provider. Scopes define and limit the permissions granted to a client application.                                                                                                                                 |
   | Cluster ID          | Kafka Confluent Cloud only. The cluster ID of the Confluent component you're connecting to. Read [View a cluster ID](https://docs.confluent.io/platform/current/security/authorization/rbac/rbac-get-cluster-ids.html#view-a-cluster-id) for more information. |
   | Identity Pool ID    | Kafka Confluent Cloud only. The name of your identity pool. Read [Add an identity pool](https://docs.confluent.io/cloud/current/security/authenticate/workload-identities/identity-providers/oauth/identity-pools.html) for more information.                  |

6. Click **Authorize**.

7. A new browser tab will open, connecting you to the identity provider. Upon successful connection and authorization, this browser tab will close.

8. The **OAuth connections** menu will now display your new OAuth connection.

Your new OAuth connection is ready for use with the [Kafka](/docs/components/kafka) connector.
