# Federated OAuth login and Confluent Cloud topic sizes

## Log into Console with existing OAuth tokens

Console now acts as an OAuth 2.0 Resource Server, validating access tokens from your external OIDC Identity Provider. Users authenticated with your organization's IdP are automatically logged into Console—no separate login required.

This supports organizations that require centralized authentication management and provides a seamless single sign-on experience across applications. [Configure delegated JWT authentication →](https://docs.conduktor.io/guide/conduktor-in-production/admin/user-access/delegated-jwt-auth)

## View Confluent Cloud topic storage sizes

Confluent Cloud topic storage sizes (bytes) are now visible throughout Console, including in Insights. This helps teams understand storage consumption and make informed decisions about retention and cost.

Requires a Confluent Cloud API key with the `MetricsViewer` role.

## Alert on license expiry

Platform teams can monitor days until license expiry using the `console_license_days_until_expiry` metric and set up alerts before expiration. See the [metrics reference](https://docs.conduktor.io/guide/reference/metric-reference) for all available metrics.

## Quality of life improvements

- **Insights dashboard**: Enhanced usability and navigation
- **CSV exports**: Zip compression support for easier file management
- **Labels filter**: Searchable dropdown for faster label selection
- **Topic Catalog**: Clickable links to applications, instances, and owner groups
- **Database config**: New `database.options` and `kafka_sql.database.options` for passing JDBC/Hikari options directly. [See environment variables →](https://docs.conduktor.io/guide/conduktor-in-production/deploy-artifacts/deploy-console/env-variables)

---

For a full list of changes, read the [complete release notes](https://docs.conduktor.io/guide/release-notes).