Skip to main content
PrerequisitesMake sure that you have already registered the Cognite API and the Cognite Data Fusion application in Amazon Cognito.

Create a service account in Amazon Cognito

1

Sign in to the Amazon Cognito

Sign in to the Amazon Cognito console as an admin. If prompted, enter your AWS credentials.
2

Select a user pool

Select User Pools and select an existing user pool from the list, or create a user pool.
3

Select App integration

Select the App integration tab.
4

Create an app client

  1. Under App client list, select Create app client.
  2. Under App type, select Confidential client.
  3. Enter an App client name.
  4. Under Client secret, select Generate a client secret.
  5. Under Authentication flow, select ALLOW_REFRESH_TOKEN_AUTH. Keep the default settings for the remaining fields under Authentication flows.
  6. Under Hosted UI settings, set Allowed callback URLs to https://cognitedata.com.
  7. In Identity providers, select Cognito user pool.
  8. In OAuth 2.0 grant types, select Client credentials.
  9. In Custom scopes, select https://cognitedata.com/user_impersonation and https://{{cluster}}.cognitedata.com.
  10. At the bottom of the page, select Create app client.
5

Copy the Client ID

Copy and make a note of the Client ID. You’ll use this name to add the service account as a member to a CDF group.

Add a service account to a new CDF group

To add an Amazon Cognito service account to a new group in Cognite Data Fusion:
1

Sign in to Cognite Data Fusion

Sign in to Cognite Data Fusion as an admin.
2

Create a group

Select the Admin workspace, and then select Groups > Create group.
3

Configure the group

  1. Enter a Unique name for the group and Add capabilities.
  2. Under Members, select Externally managed.
  3. In the Source ID field, enter the Client ID you copied from Amazon Cognito in the previous section.
4

Create the group

Select Create.