Mosaic takes care of user management, authentication and authorization in a unified way. Individual services don’t have to worry about this important security aspect.
Every Mosaic environment has its own set of users (for the Management System).
Users can log in with an external identity provider (IDP), such as Google, Microsoft, or any other provider supporting OpenID Connect or OAuth 2.0. It is also possible to use an Axinom Portal account or Mosaic’s built-in identity provider with an email and password.
Mosaic Management System Login with multiple IDPs
Once logged in, a user is issued an access token (JWT), which can be used by any Mosaic service for identifying the user.
Mosaic offers a unified authorization concept for all services.
Each service defines the list of permissions it needs. A service must check that the user has the required permission before providing the corresponding functionality. How granular the permissions are is up to the service.
An admin of a Mosaic environment creates roles. A role combines multiple permissions, possibly from different services. A user is assigned one or more roles, and the user’s access token contains all the permissions covered by those roles.
Users, Roles and Permissions
Roles can be additionally assigned tags for advanced security use cases.
For further information read the documentation.
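The flow described above (roles flattened into per-service permissions inside the access token, then checked by each service) can be sketched as follows; this is an added example, not Axinom's code or the Mosaic API. The role, service and permission names, the `permissions` claim layout and the HS256 shared key are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: role, service and permission names are assumptions.
ROLES = {
    "Editor": {"media-service": {"MOVIES_VIEW", "MOVIES_EDIT"},
               "image-service": {"IMAGES_VIEW"}},
    "Publisher": {"media-service": {"MOVIES_PUBLISH"}},
}
KEY = b"constructed-demo-key"  # HS256 shared key stands in for the real scheme

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def permissions_for(role_names):
    """Union the permissions of all assigned roles, grouped per service."""
    merged = {}
    for name in role_names:
        for service, perms in ROLES[name].items():
            merged.setdefault(service, set()).update(perms)
    return {service: sorted(perms) for service, perms in merged.items()}

def issue_token(subject, role_names, ttl=300, now=None):
    """Identity-service side: sign a JWT carrying the flattened permissions."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "exp": now + ttl,
              "permissions": permissions_for(role_names)}
    body = ".".join(b64e(json.dumps(part).encode())
                    for part in ({"alg": "HS256", "typ": "JWT"}, claims))
    return body + "." + b64e(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

def has_permission(token, service, permission, now=None):
    """Service side: deny unless signature, expiry and permission all check out."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            return False
        claims = json.loads(b64d(payload))
    except (ValueError, TypeError):
        return False
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return False
    return permission in claims.get("permissions", {}).get(service, [])
```

The check verifies the signature before reading any claim and ignores the token's own `alg` header, so a token whose payload was edited to add a permission is rejected rather than trusted.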
Software components interacting with Mosaic services use Service Accounts. A Service Account is similar to a User Account, but it authenticates against the Mosaic Identity Service with an ID and a Secret (both are long random numbers). Service Accounts can be assigned permissions directly (the same permissions regular users get), but not roles.
It is recommended to create a separate Service Account for every integration purpose and to grant each one only the permissions it really needs (least privilege principle).
For further information read the documentation.
Mosaic supports developers with all tasks around users, authentication and authorization, such as registering permissions, validating the access token, checking permissions, etc.
For further information read the documentation.