User security and session management

Single sign-on

NSP single sign-on (SSO) provides a common security framework for all supported NSP functions and services. NSP SSO is based on OAUTH2, which is built on the Keycloak open-source identity and access management solution and uses the standard OAuth 2.0 protocol.

OAUTH2 supports local user management and external authentication agents such as LDAPS, RADIUS, and TACACS+ servers. NFM-P users must be imported into the NSP local user database to gain NSP UI access.

In addition to user access control, the NSP provides user session management and activity logging. See Activity logging and the NSP System Administrator Guide for more information.

Kafka authentication

All Kafka communication is secured by default using TLS. Additionally, you can enable authentication for internal and external Kafka clients. Internal and external Kafka authentication are independent of each other, and are enabled and configured separately.

Internal Kafka authentication for communication among NSP subsystems uses mTLS two-way authentication; external Kafka authentication requires NSP user credentials.

See the NSP Installation and Upgrade Guide for information about configuring internal and external Kafka authentication.