Axinom Short
Industries
Aerospace Media & Entertainment
Solutions
AERO Cloud-Based IFE On-Board Entertainment Digital Cabin On-Board Content Protection On-Board Connectivity
MEDIA Video Platform FAST Channels Content Management Content Protection
Products
Mosaic DRM Encoding On-Board Cloud Sync
Resources
Demos Aerospace Media Techbytes
Company
AXINOM About Us Contact Privacy Policy
CONNECT Axinom Portal Jobs Partners
Industries Aerospace Media & Entertainment
Solutions
AERO Cloud-Based IFE On-Board Entertainment Digital Cabin On-Board Content Protection On-Board Connectivity
MEDIA Video Platform FAST Channels Content Management Content Protection
Products Mosaic DRM Encoding On-Board Cloud Sync
Resources Demos Aerospace Media Techbytes
Company
AXINOM About Us Contact Privacy Policy
CONNECT Axinom Portal Jobs Partners

Simplified User Access Management

Mosaic takes care of user management, authentication and authorization in a unified way. Individual services don’t have to worry about this important security aspect.

Don’t have time?
Book a call

Simplified User Access Management illustration

TRUSTED BY

SKY logo ZDF logo Canela Media logo Mansa logo Beyond Dutch logo Lindau Nobel Laureate Meeting logo

Authentication

Every Mosaic environment has its own set of users (for the Management System).

Users can log in with an external identity provider (IDP), such as Google, Microsoft, or any other provider supporting OpenID Connect or OAuth 2.0. There is also a possibility to use an Axinom Portal account, or a Mosaic’s built-in identity provider with an email and password.

Mosaic Sign In

Mosaic Management System Login with multiple IDPs

Once logged in, a user is issued an access token (JWT), which can be used by any Mosaic service for identifying the user.

Authorization

Mosaic offers a unified authorization concept for all services.

Each service defines the list of permissions it needs. Services shall check if the user has a specific permission before providing specific functionality. It’s up to the service how granular it defines its permissions.

An Admin of a Mosaic environment creates roles. A role combines multiple permissions, possibly, from different services. A user is assigned one or multiple roles. User’s access token will contain all the permissions covered by the roles of this user.

Users Authorization Diagram

Users, Roles and Permissions

Roles can be additionally assigned tags for advanced security use cases.

For further information read the documentation.

Service Accounts

Software components interacting with Mosaic Services use Service Accounts. A Service Account is similar to a User Account, but authenticated with an ID and a Secret (both are long random numbers) against Mosaic Identity Service. Service Accounts can be assigned permissions directly (same permissions as regular users get); not roles.

It is recommended to create a separate Service Account for every integration purpose and grant them only those permissions that they really need (least privilege principle).

For further information read the documentation.

For Developers

Mosaic supports developers with all tasks around users, authentication and authorization, such as registering permissions, validating the access token, checking permissions, etc.

For further information read the documentation.

Want to learn more about Mosaic's user management?

Don’t have time now?
Book a call

Industries
 Aerospace Media & Entertainment
Solutions
 Cloud-Based IFE On-Board Entertainment Digital Cabin On-Board Content Protection On-Board Connectivity
Video Platform FAST Channels Content Management Content Protection
Products
 Mosaic DRM Encoding On-Board Cloud Sync
Resources
 Aerospace Media Techbytes
Company
 About Us Contact Privacy Policy
Axinom Portal Jobs Partners
© 2001–2025 Axinom
About us · Privacy policy · Cookie settings