Anthos clusters on Azure is available for customers with an existing support relationship with Google Cloud. Contact your account representative for access.

Manage identity with Anthos Identity Service

Anthos clusters on Azure supports OpenID Connect (OIDC) as an authentication mechanism for interacting with a cluster's Kubernetes API server, using Anthos Identity Service. Anthos Identity Service is an authentication service that lets you bring your existing identity solutions for authentication to multiple Anthos environments. Users can log in to and use your Anthos clusters from the command line or from the Cloud Console, all using your existing identity provider.

For an overview of how Anthos Identity Service works, see Introducing Anthos Identity Service.

If you already use or want to use Google IDs to log in to your Anthos clusters instead of an OIDC provider, we recommend using the Connect gateway for authentication. Find out more in Connecting to registered clusters with the Connect gateway.

Before you begin

Setup process and options

  1. Register Anthos Identity Service as a client with your OIDC provider following the instructions in Configuring providers for Anthos Identity Service.

  2. Choose from the following cluster configuration options:

    • Configure your clusters at fleet level following the instructions in Configuring clusters for fleet-level Anthos Identity Service (preview, Anthos clusters on Azure version 1.8 and higher). With this option, your authentication configuration is centrally managed by Google Cloud.
    • Configure your clusters individually following the instructions in Configuring clusters for Anthos Identity Service with OIDC. Because fleet-level setup is a preview feature, you may prefer this option for production environments, for clusters running an earlier version of Anthos clusters on Azure, or when you need Anthos Identity Service features that fleet-level lifecycle management doesn't yet support.

  3. Set up user access to your clusters, including role-based access control (RBAC), following the instructions in Setting up user access for Anthos Identity Service.

Accessing clusters

After Anthos Identity Service has been set up, users can log in to configured clusters using either the command line or the Cloud Console.