> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cognite.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage groups and group membership

> Create groups in Cognite Data Fusion (CDF) and link them to Amazon Cognito groups to manage group membership.

Instead of assigning capabilities to individual users and service accounts, you use **groups** in CDF to define what **capabilities** members (users or applications) have to work with different CDF resources.

Follow the steps below to manage CDF group **membership** from Amazon Cognito.

<Note>
  When you create users in Amazon Cognito, the *email* and *name* user attributes are mandatory.
</Note>

<a id="step-1" />

## Step 1: Create a group in Amazon Cognito

<Steps>
  <Step title="Sign in to Amazon Cognito">
    Sign in to the [Amazon Cognito console](https://console.aws.amazon.com/cognito/home) as an admin. If prompted, enter your AWS credentials.
  </Step>

  <Step title="Select a user pool">
    Select <span class="ui-element">User Pools</span> and select an existing user pool from the list, or create a user pool.
  </Step>

  <Step title="Create a group">
    1. Select the **Groups** tab.

    2. Select **Create group**.

    3. Under **Group information**, enter a **Group name**.

    4. **Copy and make a note** of the **Group name**. You'll use this name to [link the group to a group in Cognite Data Fusion](#step-2).

    5. Select **Create group**.
  </Step>

  <Step title="Add users to the group">
    Select the newly created group and **add users** to the group.
  </Step>
</Steps>

<a id="step-2" />

## Step 2: Create a group in CDF and link it to the Amazon Cognito group

<Steps>
  <Step title="Sign in to Cognite Data Fusion">
    Sign in to [Cognite Data Fusion](https://fusion.cognite.com) as an admin.
  </Step>

  <Step title="Create a group">
    Select the **Admin** workspace, and then **Access management** > **Groups** > **Create group**.
  </Step>

  <Step title="Configure the group">
    Enter a **Unique name** for the group and **Add capabilities**.
  </Step>

  <Step title="Link the group">
    In **Members** select **Externally managed** and in **Source ID** field, enter the **Group name** you copied from Amazon Cognito in [Step 1](#step-1).

    <Frame>
      <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/access/create_CDF_group_sourceId_oidc.png" alt="Create new group with link to AAD group object ID" width="60%" />
    </Frame>
  </Step>

  <Step title="Select Create">
    The members of the Amazon Cognito group automatically become members of the linked CDF group with the associated capabilities.
  </Step>
</Steps>
