The entire set of session creation methods of the Universal Messaging client and admin APIs for Java (nsp/nsps/nhp/nhps, native and JMS) have overloaded variants that accept username/password credentials which are then supplied to the Universal Messaging server.
The Universal Messaging server enables those credentials to be authenticated against pluggable Directory backends (ranging from LDAP to flat files) or by means of JAAS-based methods (based on user-configurable pluggable modules).
The Directory mode is sometimes called SASL+Directory as the credentials are exchanged via SASL, but the SASL capability is embedded in the proprietary Universal Messaging client-server protocol, and need not concern users or administrators.
The configuration is determined by a set of Java system properties on both the client and server side, the latter typically centralised in the nserver.conf configuration file.
Note that authentication does not supplant the traditional Universal Messaging ACLs and is merely an additional security step performed before the relevant ACLs are evaluated and applied.