
Manage groups and group membership with Amazon Cognito

Instead of assigning capabilities to individual users and service accounts, you use groups in Cognite Data Fusion (CDF) to define what capabilities members (users or applications) have to work with different CDF resources.

Follow the steps below to manage CDF group membership from Amazon Cognito.

Note: When you create users in Amazon Cognito, the email and name user attributes are mandatory.

Step 1: Create a group in Amazon Cognito

  1. Sign in to the Amazon Cognito console as an admin. If prompted, enter your AWS credentials.

  2. Select User Pools and select an existing user pool from the list, or create a user pool.

  3. Select the Groups tab.

  4. Select Create group.

  5. Under Group information, enter a Group name.

    Copy and make a note of the Group name. You'll use this name to link the group to a group in Cognite Data Fusion.

  6. Select Create group.

  7. Select the newly created group and add users to the group.

To link an Amazon Cognito group to a group in Cognite Data Fusion:

  1. Sign in to Cognite Data Fusion as an admin.

  2. Select the Admin workspace, and then select Groups > Create group.

  3. Enter a Unique name for the group and Add capabilities.

  4. In Members, select Externally managed, and in the Source ID field, enter the Group name you copied from Amazon Cognito in step 5 above.

  5. Select Create.

The members of the Amazon Cognito group automatically become members of the linked CDF group with the associated capabilities.
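To check the link for a given member, you can inspect that user's Cognito token: Amazon Cognito lists the user's groups in the `cognito:groups` claim. The following is an added example, not part of the original documentation; it decodes a constructed token and compares that claim with the Source IDs entered in CDF. The group names, the sample token, and the assumption that the Source ID must match the Cognito group name exactly are illustrative.

```python
import base64
import json

def _b64url(obj) -> str:
    """Encode a JSON object as an unpadded base64url JWT segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token (not issued by Cognito; the signature is a placeholder).
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"email": "user@example.com",
             "cognito:groups": ["cdf-readers", "CDF-Admins"]}),
    "constructed-signature",
])

def token_claims(jwt: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_source_ids(jwt: str, source_ids: set) -> dict:
    """Compare the token's Cognito groups with the Source IDs configured in CDF."""
    # The claim is absent when the user belongs to no Cognito group.
    groups = token_claims(jwt).get("cognito:groups", [])
    folded = {s.strip().casefold(): s for s in source_ids}
    linked = sorted(g for g in groups if g in source_ids)
    # Near misses differ only in case or surrounding whitespace; under the
    # exact-match assumption they would not map to the intended CDF group.
    near_miss = sorted((g, folded[g.strip().casefold()]) for g in groups
                       if g not in source_ids and g.strip().casefold() in folded)
    unlinked = sorted(g for g in groups
                      if g not in source_ids and g.strip().casefold() not in folded)
    return {"linked": linked, "near_miss": near_miss, "unlinked": unlinked}

if __name__ == "__main__":
    # Source IDs as they were typed into the CDF groups (constructed values).
    print(check_source_ids(SAMPLE_TOKEN, {"cdf-readers", "cdf-admins"}))
```

A non-empty `near_miss` list usually means the Group name was retyped rather than copied in step 5.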