Initially, we wanted to use Managed Identity to connect; however, the Pega Platform currently supports authentication only through a shared access key. Pega supports the following Kafka authentication mechanisms: SASL using JAAS, SASL/PLAIN, SASL/SCRAM. Azure Event Hubs does not support SCRAM mechanisms (SCRAM-SHA-256 or SCRAM-SHA-512). Of the available options, it only supports SASL/PLAIN over SASL_SSL for Kafka clients.

I noticed that there appears to be support for OAuthBearer as part of Pega '25 however, that was not listed as an option for Event Hub during previous conversations with Pega. I'm looking for more information on whether this would work with Azure OAuth or was intended for another purpose? My understanding is that Azure OAuth doesn't expose the same endpoints as Keycloak, used in the example.