# About identity and access management

WARNING

For customers running Cognite Data Fusion (CDF) on Azure, the features described in this section are currently only available via our Early Adopter program. To join an Early Adopter program, contact your Cognite representative.

We recommend that you appoint a Cognite Data Fusion (CDF) admin who can work with the IT department to ensure that CDF services and applications follow your organization's security practices for authentication and data access.

By connecting CDF to your IdP (Identity Provider), you can use the IdP framework to manage access to CDF data securely. We currently support Microsoft's Azure Active Directory (Azure AD).

The articles in this section explain how to configure CDF to use your IdP to authenticate users and register and manage applications that should have access to CDF. You'll also find information about how you can use groups to control what data users and applications can access and what they can do with it.

Visit the Manage access to CDF quickstart to learn more about the technology behind CDF authentication and authorization.

# Manage access to Cognite applications

To allow users to sign in to CDF and Cognite apps with their existing organizational ID, you first need to register the Cognite API in your Azure AD. You then register the applications you want to allow users to access.

As an Azure Active Directory (Azure AD) administrator, you can consent on behalf of your entire organization to the use of Cognite Data Fusion (CDF) and other Cognite applications. Users can then sign in to CDF and Cognite applications with their organizational identity without having to consent themselves.

Learn more: Register the Cognite API and applications in Azure AD

# Manage groups

Instead of assigning capabilities to individual users and applications, you create groups in CDF to define what capabilities members (users or applications) have to work with different CDF resources. Then you link and synchronize the CDF groups to user groups in your IdP.

For example, if you want users or applications to read, but not write, time series data in CDF, you first create a group in your IdP to add the relevant users and applications. Next, you create a CDF group with the necessary capabilities and then link the CDF group and the IdP group.

This flexibility allows you to manage and update your data governance policies quickly and securely. You can continue to manage users and applications in your organization's IdP service outside of CDF.
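The read-only time series group described above can be checked for least privilege before you roll it out. The following is an added example, not Cognite's code: it audits group definitions and flags any group that is not linked to an IdP group or that grants more than read access. The field names (`sourceId`, `capabilities`, `timeSeriesAcl`, `actions`, `scope`) are assumed from the CDF groups API format and do not appear on this page; the group names and IDs are constructed placeholders.

```python
"""Added example: audit CDF group definitions against a read-only time series policy."""

# Constructed sample data. Field names follow the CDF groups API format, which
# is an assumption here and is not shown on this page. The sourceId values are
# placeholders for the object IDs of the linked IdP (Azure AD) groups.
SAMPLE_GROUPS = [
    {"name": "ts-readers", "sourceId": "00000000-0000-0000-0000-000000000001",
     "capabilities": [{"timeSeriesAcl": {"actions": ["READ"], "scope": {"all": {}}}}]},
    {"name": "ts-readers-legacy", "sourceId": "",
     "capabilities": [{"timeSeriesAcl": {"actions": ["READ"], "scope": {"all": {}}}}]},
    {"name": "ts-dashboards", "sourceId": "00000000-0000-0000-0000-000000000002",
     "capabilities": [{"timeSeriesAcl": {"actions": ["READ", "WRITE"], "scope": {"all": {}}}}]},
]


def granted_actions(group, acl):
    """Return the set of actions a group grants for one ACL type."""
    actions = set()
    for capability in group.get("capabilities", []):
        actions.update(capability.get(acl, {}).get("actions", []))
    return actions


def audit_read_only(groups, acl="timeSeriesAcl"):
    """Return {group name: [findings]} for groups that break the read-only policy."""
    findings = {}
    for group in groups:
        problems = []
        actions = granted_actions(group, acl)
        # A group with no sourceId is managed only inside CDF, not by the IdP.
        if not group.get("sourceId"):
            problems.append("not linked to an IdP group")
        extra = actions - {"READ"}
        if extra:
            problems.append("grants more than READ: " + ", ".join(sorted(extra)))
        if "READ" not in actions:
            problems.append("does not grant READ")
        if problems:
            findings[group["name"]] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit_read_only(SAMPLE_GROUPS).items():
        print(f"{name}: {'; '.join(problems)}")
```
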

Learn more: Manage groups.

Last Updated: 4/6/2021, 11:08:52 AM