KLogic
🔒 Enterprise Security

Enterprise Kafka Governance & RBAC

Give every team the access they need and nothing more. Workspace isolation, role-based access control, SSO, two-factor authentication, and a complete audit trail — enterprise-grade security built into every layer of KLogic.

Shared Kafka Access Is a Security and Compliance Risk

Without proper access controls, a single misconfigured user can affect the entire organisation

No Team Boundaries

When all teams share a single Kafka management view, any user can accidentally delete a topic, modify alert rules, or change cluster configurations that belong to another team.

No Audit Trail

Without logging, you cannot answer "who changed this topic configuration?" or "which user deleted the alert rule?" during a post-incident review or compliance audit.

Weak Authentication

A username and password alone are insufficient for production infrastructure. A compromised account with admin access can cause irreversible damage in minutes.

Security Posture Comparison

❌ Unmanaged Access

  • Everyone sees everything
  • No 2FA enforcement
  • Shared admin credentials
  • Zero audit trail

✅ KLogic Enterprise

  • Workspace-scoped isolation
  • Enforced TOTP + backup codes
  • SSO with group-based roles
  • Full audit log with diffs

Enterprise Security at Every Layer

From workspace boundaries to audit logs, every control your compliance team requires

Workspace Isolation & RBAC

Full Workspace Isolation

Users, clusters, dashboards, alerts, and API keys are completely isolated per workspace — one team cannot see or affect another

Role-Based Access Control

Admin, Operator, and Viewer roles built in, with custom role creation by combining individual permissions

Invitation-Based Onboarding

Admins invite users by email with a pre-assigned role. New members cannot access a workspace without an explicit invitation

[Dashboard preview: Workspace Members (3 built-in roles); Authentication Settings: 2FA Enforcement Enabled, Google SSO Connected; API Keys: 4 active; Audit Log: 1,247 entries]

Authentication & Identity

Two-Factor Authentication (TOTP)

TOTP-based 2FA compatible with any authenticator app, plus 8 single-use backup codes generated at enrollment

OAuth2 / SSO Integration

Connect any OpenID Connect provider — Google, Microsoft Entra, Okta, Auth0 — with automatic role assignment from IdP groups

API Key Management

Scoped API keys with configurable expiry for service accounts and CI/CD pipelines — rotate or revoke instantly from the dashboard

Complete Audit Trail for Compliance

Every user action that modifies state is logged with full context

Who Did What

Every log entry includes the user identity, action taken, affected resource, timestamp, and originating IP address for complete traceability.

User, action, resource, timestamp, IP

Change Diffs

Configuration change events record the before and after values so you can reconstruct exactly what changed and quickly roll back if needed.

Before/after values for every config change

Compliance Ready

Export audit logs in JSON or CSV for SOC 2, ISO 27001, and GDPR compliance reviews. Retention configurable from 30 days to 2 years.

SOC 2, ISO 27001, GDPR compatible

Enterprise-Grade Security Without the Complexity

All the controls your security team requires, configured in minutes, not weeks

  • TOTP: 2FA standard supported
  • OIDC: Any SSO provider
  • Scoped: API key permissions
  • 100%: Actions audited

Frequently Asked Questions

Each workspace in KLogic is a completely isolated tenant. Users, Kafka clusters, dashboards, alert rules, and API keys are all scoped to a workspace. Members of one workspace cannot see or interact with resources in another workspace, even if they share the same KLogic installation.

KLogic ships with three built-in roles: Admin (full access including user management, cluster configuration, and security settings), Operator (can manage Kafka resources and alert rules but cannot change security settings), and Viewer (read-only access to dashboards, metrics, and cluster state). Custom roles can be created by combining specific permissions.

KLogic supports TOTP-based 2FA compatible with any authenticator app (Google Authenticator, Authy, 1Password). During 2FA enrollment, 8 single-use backup codes are generated and displayed once. Admins can enforce 2FA for all workspace members or specific roles from the security settings page.

KLogic supports OAuth2 SSO with any OpenID Connect-compatible provider including Google Workspace, Microsoft Entra ID (Azure AD), Okta, Auth0, GitHub, and GitLab. After SSO login, users are automatically assigned the role configured for their identity provider group.

Every user action that modifies state is recorded: logins and logouts, cluster configuration changes, topic and consumer group operations, alert rule changes, user invitation and removal, role changes, API key creation and revocation, and dashboard modifications. Each log entry includes the user, timestamp, IP address, and a diff of what changed.

API keys can be created by any user for their own account or by admins on behalf of service accounts. Each key has a configurable scope (read-only, operator, admin), an optional expiry date, and a description. Keys can be rotated or revoked instantly from the API Keys page. All key usage is logged in the audit trail.

Secure Your Kafka Access Today

Give every team the access they need, protect your infrastructure with strong authentication, and satisfy compliance requirements with a complete audit trail.

Free 14-day trial • All security features included • SOC 2 compatible audit logs