> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cognite.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Add a service account to a CDF group

> Create a client secret in Microsoft Entra ID and add the service principal to a Cognite Data Fusion (CDF) group.

<a id="create-a-client-secret-in-microsoft-entra-id" />

## Create a client secret in Microsoft Entra ID

<Steps>
  <Step title="Sign in to the Azure portal">
    Sign in to the [Azure portal](https://portal.azure.com) as an admin.
  </Step>

  <Step title="Select a tenant">
    If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.
  </Step>

  <Step title="Select Microsoft Entra ID">
    Search for and select **Microsoft Entra ID**.
  </Step>

  <Step title="Navigate to New registrations">
    Under **Manage**, select **App registrations** > **New registrations**.
  </Step>

  <Step title="Register an application">
    In the **Register an application** window, enter the app name, and then select **Register**.
  </Step>

  <Step title="Select name and type">
    Specify the **name** and select the supported **account types**.
  </Step>

  <Step title="Copy the Application (client) ID">
    Copy and make a note of the **Application (client) ID**. This value is required for authentication.
  </Step>

  <Step title="Create a client secret">
    1. Under **Manage**, select **Certificates & secrets** > **New client secret**.

    <Frame>
      <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/integrations/transformations/oidc_client_secret.png" alt="OIDC Client secret " width="80%" />
    </Frame>

    2. Enter a client secret description and an expiry time, and then select **Add**.
  </Step>

  <Step title="Copy the client secret">
    Copy and make a note of the client secret in the **Value** field.

    <Warning>
      Make sure you copy this value now. This value will be hidden after you leave this page.
    </Warning>
  </Step>
</Steps>

<a id="add-the-service-principal-to-a-cdf-group" />

## Add the service principal to a CDF group

<Warning>
  You need to link your newly created app in Microsoft Entra ID to a group in CDF. For more information, see [Create a group in CDF and link it to Microsoft Entra ID group](/cdf/access/entra/guides/create_groups_oidc#step-2-create-a-group-in-cdf-and-link-it-to-the-azure-ad-group).
</Warning>

<Steps>
  <Step title="Navigate to Microsoft Entra ID group">
    To add the service principal, navigate to your Microsoft Entra ID group.
  </Step>

  <Step title="Navigate to Add members">
    Under **Manage**, select **Members** > **Add members**.

    <Frame>
      <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/integration/transformations/add-members-to-azure-group.png" alt="Add members to group" width="800px" />
    </Frame>
  </Step>

  <Step title="Add members">
    Search for your service principal in the search box and **Select**.

    <Frame>
      <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/integration/transformations/add-service-principal.png" alt="Add service principal" width="400px" />
    </Frame>
  </Step>

  <Step title="Verify members added">
    Verify that the service principal is added to your Microsoft Entra ID group.

    The service principal, as a member of the Microsoft Entra ID group, is automatically a member of the linked CDF group with the associated capabilities.

    <Tip>
      For more information on service principals, see [How to create a service principal](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal).
    </Tip>
  </Step>
</Steps>
