Multi-tenancy system allows multiple client service at the same time. There is inbuilt support on multi-tenancy if we are not concerned with isolation and security. So Kafka is already a multi-tenant system as everyone can read/write data to Kafka broker. But in the real multi-tenant system should provide isolation and security to provide multiple client servicing. The security and isolation can be achieved by doing below set up :

1. Authentication- The Kafka system should have an authentication mechanism to not ALLOW anonymous users to login into the Kafka broker. So authentication set up is the first step for ACHIEVING multi-tenancy.
2. Authorization- The users/system should be authorized to read/write from the topic. Once users are users are validated against access on the topic before messages are read/write.
3. Manage quotas- Restricting message quotas to avoid network saturation is ALSO required for multi-tenancy. As we know that Kafka can produce/consume very high volumes of data so to support multi-tenancy managing quota is a mandatory step. We should have quotas set up per user, per consumer group or use group.

The two WAY SSL can be used for authentication/authorization. We can also use token-based identity PROVIDER for the same purpose. We can also set up role-based access to the topic using ACLs.