Skip to main content
Instead of assigning capabilities to individual users and service accounts, you use groups in CDF to define what capabilities members (users or applications) have to work with different CDF resources. Follow the steps below to manage CDF group membership from Amazon Cognito.
When you create users in Amazon Cognito, the email and name user attributes are mandatory.

Step 1: Create a group in Amazon Cognito

1

Sign in to Amazon Cognito

Sign in to the Amazon Cognito console as an admin. If prompted, enter your AWS credentials.
2

Select a user pool

Select User Pools and select an existing user pool from the list, or create a user pool.
3

Create a group

  1. Select the Groups tab.
  2. Select Create group.
  3. Under Group information, enter a Group name.
  4. Copy and make a note of the Group name. You’ll use this name to link the group to a group in Cognite Data Fusion.
  5. Select Create group.
4

Add users to the group

Select the newly created group and add users to the group.
1

Sign in to Cognite Data Fusion

Sign in to Cognite Data Fusion as an admin.
2

Create a group

Select the Admin workspace, and then Access management > Groups > Create group.
3

Configure the group

Enter a Unique name for the group and Add capabilities.
4

Link the group

In Members select Externally managed and in Source ID field, enter the Group name you copied from Amazon Cognito in Step 1.
Create new group with link to AAD group object ID
5

Select Create

The members of the Amazon Cognito group automatically become members of the linked CDF group with the associated capabilities.
Last modified on January 27, 2026