Authentication in Mosaic Management System
Recently, we've released a number of additional features for user authentication in the Management System:
- Redesigned sign in experience
- Configurable IDPs and branding
- Axinom Portal as IDP
- Simplified Microsoft Entra ID configuration
- Custom IDP
Here is a summary of the changes:
Redesigned sign in experience
The sign-in experience is now more closely aligned with industry best practices. Users can sign in directly with their email and password, or select one of the external IDPs (Identity Providers) using the buttons below. Which IDPs can be used on a given environment is configurable (see below).
Configurable IDPs and branding
You now have a few customization options for IDPs:
- Name
- Icon
- Order in the sign-in dialog
You can also decide which IDPs to use on any specific environment. This also includes the option to sign in with an email and password.
Axinom as IDP
The "Axinom" Identity Provider lets users log in to a Management System with an account created on Axinom Portal. This is especially useful during the Mosaic evaluation phase, when users are already registered on Axinom Portal and don't need to worry about other providers and credentials management. For production environments, it makes sense to disable the Axinom IDP.
Simplified Microsoft Entra ID configuration
Microsoft (Entra ID) configuration is now significantly simpler: you only need to activate it and use the default configuration option.
This option allows the Entra ID of any organization to be used for authentication.
You can still create a custom integration, which requires creating and configuring a custom Entra ID app. See the Documentation for more details.
Custom IDP
Any custom IDP can be added, as long as it supports OpenID Connect, e.g., Okta.
For configuration, you need the following for each provider:
- Discovery Document URL (this is an OpenID standard URL, but providers name it differently, e.g., Discovery Endpoint, Well-Known Endpoint, OpenID Configuration URL)
- Client ID
- Client Secret
You can also define for each provider:
- Name
- Icon
- Position in the list of providers
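As an added example (not Axinom's code), the following Python sketch checks a provider's discovery document against the requirements of OpenID Connect Discovery 1.0 before the provider is registered as a custom IDP. The host idp.example.test and both documents are constructed, and expecting a token_endpoint is an assumption based on the Client Secret requirement above.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields marked REQUIRED by OpenID Connect Discovery 1.0.
# token_endpoint is included on the assumption that the code flow is used.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(discovery_url, doc):
    """Return a list of problems found in a parsed discovery document."""
    if not discovery_url.endswith(WELL_KNOWN):
        return [f"discovery URL does not end with {WELL_KNOWN}"]
    expected_issuer = discovery_url[:-len(WELL_KNOWN)]
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in doc]
    # The issuer must be identical to the URL prefix the document was served
    # from; a mismatch means the document describes a different provider.
    issuer = doc.get("issuer")
    if issuer is not None and issuer != expected_issuer:
        problems.append(f"issuer mismatch: got {issuer}, expected {expected_issuer}")
    # Credentials, tokens and signing keys must only travel over TLS.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlparse(doc[key]).scheme != "https":
            problems.append(f"{key} is not an https URL")
    # The Discovery specification requires RS256 to be among the offered algorithms.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 is not offered for ID token signing")
    return problems

# Constructed sample input (not taken from any real provider).
DISCOVERY_URL = "https://idp.example.test" + WELL_KNOWN
GOOD_DOC = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/token",
    "jwks_uri": "https://idp.example.test/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Constructed broken variant: wrong issuer, plain-http keys, no RS256.
BAD_DOC = dict(GOOD_DOC, issuer="https://other.example.test",
               jwks_uri="http://idp.example.test/keys",
               id_token_signing_alg_values_supported=["none"])
del BAD_DOC["subject_types_supported"]

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(DISCOVERY_URL, doc) or "OK")
```

In practice the document would be fetched from the Discovery Document URL and parsed as JSON before being passed to check_discovery.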