Configuring authentication and authorization for NiFi Learn about configuring the type of authentication appropriate for your use case. Configuring the initial admin userWhen you set up a secured NiFi instance for the first time, you must manually designate an "Initial Admin Identity". This initial admin user is granted access to the UI and given the ability to create additional users, groups, and policies.Configuring single user authenticationSingle user authentication is NiFi’s most basic authentication option, sufficient for individual development clusters and also production clusters where flows are deployed in a controlled manner, such as continuous integration (CI) or site reliability engineering (SRE). A single user is granted all permissions on the NiFi cluster, no other users can be configured.Configuring a user identity with access policiesThe User custom resource creates and manages a user in a NiFi instance. Cloudera Flow Management Operator for Kubernetes reconciles the user in the NiFi API and optionally provisions a client certificate and access policies for that user.Configuring user groupsThe UserGroup custom resource creates and manages a user group in a NiFi instance. Cloudera Flow Management Operator for Kubernetes reconciles the group in the NiFi API, keeps its membership in sync with referenced User resources, and optionally provisions access policies for the group.Configuring NiFi access policy profilesAn AccessPolicyProfile is a reusable collection of NiFi access policies that can be shared across multiple User resources. Instead of repeating the same policy list on every user, define the policies once in an AccessPolicyProfile and reference it from each user.Configuring LDAP authenticationLearn how to configure an LDAP server for user authentication in your NiFi or NiFi Registry cluster.Configuring OIDC authenticationNiFi supports user authentication with Open ID Connect (OIDC) providers such as Keycloak. Parent topic: Configuring a NiFi instance
