Skip to main content
To allow users to sign in to Cognite Data Fusion (CDF) and Cognite apps with their existing organizational ID, you first need to register the Cognite API and permit it to access user profiles in your Microsoft Entra ID tenant. You then register the applications you want to allow users to access. As an Microsoft Entra ID (ME-ID) administrator, you can consent for your entire organization to use Cognite Data Fusion (CDF) and other Cognite applications. Users can sign in to CDF and Cognite applications with their organizational identity without having to consent.

Register CDF and Cognite apps in Microsoft Entra ID

To perform the steps below, you must be a Microsoft Entra ID administrator. To register the Cognite API, the Microsoft Entra ID administrator should set up Postman and follow the authorization process.

Step 1: Permit the Cognite API to access user profiles in Microsoft Entra ID

1

Navigate to the admin consent URL

In your browser, make sure that you’ve signed in to Microsoft Entra ID as the tenant administrator, and then navigate to:
https://login.microsoftonline.com/YOUR_ME-ID_TENANT_ID/adminconsent?client_id=YOUR_CDF_CLUSTER_URL
Where:
  • YOUR_ME-ID_TENANT_ID is the ID of your Microsoft Entra ID tenant. To find your tenant ID, see this article.
  • YOUR_CDF_CLUSTER_URL is usually equal to the fully-qualified URL: https://<clustername>.cognitedata.com. If you don’t know the cluster name, contact Cognite support.
If you have the following:
  • YOUR_ME-ID_TENANT_ID=12345678-1234-1234-1234-123456789012; and
  • YOUR_CDF_CLUSTER=mycluster,
Then you’ll have to navigate to the following URL:
2

Confirm the account

If prompted, confirm the account you want to use to consent to the request.
3

Review and accept

Review and accept the permission request information, and select Accept.For more information, see Understanding Microsoft Entra ID application consent experiences.
Accept permission request
You can safely ignore any HTTP 400 errors you receive.
You have now permitted the Cognite API to access user profiles in your Microsoft Entra ID and can register applications you wish to authorize to access the API.
If you try to sign in to CDF without these permissions, you’ll get an error message. The message states which cluster you’re in and provides links to install and consent.

Step 2: Register a Cognite application in Microsoft Entra ID

1

Navigate to the application URL

In your browser, make sure that you’ve signed in to Microsoft Entra ID as the tenant administrator, and then navigate to the URL of the application you want to register:If your application instance is installed in a separate cluster, you need to specify the [.cluster]. If you don’t know the cluster name, contact Cognite support.
2

Confirm the account

If prompted, confirm the account you want to use to consent to the request.
3

Sign in with Entra ID

Specify your Organization (cluster) and then select Sign in with Entra ID.
4

Review and accept

Review and accept the permission request on behalf of your organization, and then select Accept.
Accept permission request
If the registration is successful, you are signed in to the Cognite application.
5

Verify the configuration

Sign in with a non-admin identity to confirm that regular users in your Microsoft Entra ID can access the application.
You have now registered the Cognite application in your Microsoft Entra ID, and users can sign in to the application with their Microsoft Entra ID username and password without having to consent themselves.