Add an Amazon Cognito service account to a CDF group

Follow the steps below to create a service account in Amazon Cognito and add it as a member to the Cognite Data Fusion (CDF) group.

Prerequisites

Make sure that you have already registered the Cognite API and the Cognite Data Fusion application in Amazon Cognito.

Create a service account in Amazon Cognito

1. Sign in to the Amazon Cognito console as an admin. If prompted, enter your AWS credentials.

2. Select User Pools.

3. Select an existing user pool from the list, or create a user pool.

4. Select the App integration tab.

5. Under App client list, select Create app client.

6. Under App type, select Confidential client.

7. Enter an App client name.

8. Under Client secret, select Generate a client secret.

9. Under Authentication flow, select ALLOW_REFRESH_TOKEN_AUTH

   Keep the default settings for the remaining fields under Authentication flows.

10. Under Hosted UI settings, set Allowed callback URLs to https://cognitedata.com.

11. In Identity providers, select Cognito user pool.

12. In OAuth 2.0 grant types, select Client credentials.

13. In Custom scopes, select https://cognitedata.com/user_impersonation and https://{{cluster}}.cognitedata.com.

14. At the bottom of the page, select Create app client.

15. Copy and make a note of the Client ID. You'll use this name to add the service account as a member to a CDF group.

Add a service account to a new CDF group

To add an Amazon Cognito service account to a new group in Cognite Data Fusion:

1. Sign in to Cognite Data Fusion as an admin.

2. Select the Admin workspace, and then select Groups > Create group.

3. Enter a Unique name for the group and Add capabilities.

4. Under Members, select Externally managed.

5. In the Source ID field, enter the Client ID you copied from Amazon Cognito in step 15 above.

6. Select Create.