To fit the requirements of enterprise work environments, Ververica Platform is built as a centrally managed solution optimized for multi-tenant architectures. Multi-tenancy support is based on the concept of namespaces: these enable multiple development teams to efficiently work on a shared platform with resource isolation, global best practices and policies, and default configurations that fit your enterprise’s needs.
Apache Flink has multiple built-in features to ensure authenticated and encrypted communication between cluster components. Ververica Platform extends and adds to these native features with end-to-end security guarantees, from intra-cluster level to user-facing components.
The authentication scheme in Ververica Platform is flexible and able to accommodate the following:
OpenID Connect (OIDC): Authentication providers implementing the OpenID Connect standard are supported out-of-the-box. If your organiszation is using a different authentication scheme, such as LDAP (Lightweight Directory Access Protocol) or Active Directory or SAML (Security Assertion Markup Language), integration is also possible.
API Tokens: To allow programmatic, machine-to-machine access, authentication with API Tokens is supported and bound to authorization configuration for fine-grained access control.
Authorization is based on roles with associated sets of rules that define the permissions each user (or token) has within a namespace.