User security and session management

Single sign-on

NSP single sign-on (SSO) provides a common security framework for all supported NSP functions and services. NSP SSO is based on OAUTH2, which is built on the Keycloak open-source identity and access management solution and uses the standard OAuth 2.0 protocol.

OAUTH2 supports local user management and external authentication agents such as LDAPS, RADIUS, and TACACS+ servers. NFM-P users must be imported into the NSP local user database to gain NSP UI access.

In addition to user access control, the NSP provides user session management and activity logging. See Activity logging and the NSP System Administrator Guide for more information.

When WaveSuite is integrated with NSP in shared mode, the systems share common GUIs, logins, and authentication, with the NSP SSO framework serving as the common authentication system. In non-shared mode integrations, NSP and WaveSuite operate with separate user interfaces and authentication systems, and SSO is not shared between the platforms. See the NSP Installation and Upgrade Guide for details on integrating WaveSuite in shared mode and enabling common authentication.

Kafka authentication

All Kafka communication is secured by default using TLS. Additionally, you can enable authentication for internal and external Kafka clients. Internal and external Kafka authentication are independent of each other, and are enabled and configured separately.

Internal Kafka authentication for communication among NSP subsystems uses mTLS two-way authentication; external Kafka authentication requires NSP user credentials.

See the NSP Installation and Upgrade Guide for information about configuring internal and external Kafka authentication.