Simplified User Access Management

Mosaic takes care of user management, authentication and authorization in a unified way. Individual services don’t have to worry about this important security aspect.




Authentication

Every Mosaic environment has its own set of users (for the Management System).

Users can log in with an external identity provider (IDP) such as Google, Microsoft, or any other provider that supports OpenID Connect or OAuth 2.0. Alternatively, they can sign in with an Axinom Portal account or with Mosaic's built-in identity provider using an email address and password.


Mosaic Management System Login with multiple IDPs

Once logged in, the user is issued an access token (a JWT), which any Mosaic service can use to identify the user.

Authorization

Mosaic offers a unified authorization concept for all services.

Each service defines the list of permissions it needs and must check that the user holds the specific permission before providing the corresponding functionality. How granular those permissions are is up to each service.

An Admin of a Mosaic environment creates roles. A role combines multiple permissions, possibly from different services. A user is assigned one or more roles, and the user's access token contains all the permissions covered by those roles.


Users, Roles and Permissions

Roles can be additionally assigned tags for advanced security use cases.

For further information read the documentation.

Service Accounts

Software components that interact with Mosaic Services use Service Accounts. A Service Account is similar to a User Account, but it authenticates against the Mosaic Identity Service with an ID and a Secret (both long random values). Service Accounts are granted permissions directly (the same permissions regular users get) rather than through roles.

It is recommended to create a separate Service Account for every integration purpose and to grant each one only the permissions it actually needs (the principle of least privilege).
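The roles-to-permissions model above and the direct-permission model for Service Accounts, as an added example that is not Mosaic's own SDK code. The permission names, the claim layout, and the sample roles, user and service account are all constructed for illustration; the page does not specify Mosaic's real JWT claim names.

```typescript
// Added illustration, not part of the Mosaic SDK: a minimal model of users,
// roles, permissions and service accounts as described on this page.
type Permission = string;

interface Role {
  name: string;
  permissions: Permission[]; // may span several services
  tags?: string[];           // optional tags for advanced use cases
}

interface User { id: string; roles: Role[] }

// Service Accounts hold permissions directly and are never assigned roles.
interface ServiceAccount { id: string; permissions: Permission[] }

type Principal = User | ServiceAccount;

// Flatten a principal's grants into one de-duplicated set: for a user, the
// union of all permissions of all assigned roles; for a service account,
// the directly granted permissions.
function effectivePermissions(p: Principal): Set<Permission> {
  const granted = 'roles' in p ? p.roles.flatMap(r => r.permissions) : p.permissions;
  return new Set(granted);
}

// Simulated access-token payload (constructed claim names, assumed layout).
function tokenClaims(p: Principal): { sub: string; permissions: Permission[] } {
  return { sub: p.id, permissions: [...effectivePermissions(p)].sort() };
}

// The check a service performs on the token before exposing functionality.
function hasPermission(claims: { permissions: Permission[] }, required: Permission): boolean {
  return claims.permissions.includes(required);
}

// Constructed sample data: two roles from different services share one permission.
const videoEditor: Role = { name: 'Video Editor', permissions: ['VIDEOS_EDIT', 'VIDEOS_VIEW'] };
const catalogViewer: Role = { name: 'Catalog Viewer', permissions: ['CATALOG_VIEW', 'VIDEOS_VIEW'] };
const alice: User = { id: 'user-alice', roles: [videoEditor, catalogViewer] };
// A least-privilege ingest integration: only the one permission it needs.
const ingestBot: ServiceAccount = { id: 'svc-ingest', permissions: ['VIDEOS_EDIT'] };
```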

For further information read the documentation.

For Developers

Mosaic supports developers with all tasks around users, authentication and authorization, such as registering permissions, validating the access token, and checking permissions.

For further information read the documentation.
