Skip to main content

Register and configure applications and components

The table below lists applications and components with links to configuration steps and details about the authentication flows they use.

Application configuration stepsAuthentication flowClient secret required?Microsoft Entra ID multi-tenantComments
The CDF portal application, Best Day, InField, Maintain, Solutions PortalAuthorization code grantNYThe registration is automatically created when signing in. Needs administrator consent.
Cognite extractors/ scheduled custom scriptsClient credentialsYNOne app registration per extractor/script and environment (for example, dev, test, prod).
CDF TransformationsY*NNeeds multiple app registrations. Transformations that logically belong together (access rights are managed together) can share the app registration but may be subject to rate-limiting.

* Time-limited jobs can run on behalf of a user.
Cognite Data Source for GrafanaYNThe Cognite Data Source for Grafana uses Grafana credentials to connect to CDF. Therefore, you need to set up the Grafana instance to authenticate the user towards the same identity provider (IdP) as your CDF project.

Alternatively, you can provide client credentials for each instance of the Cognite Data Source.
Cognite Power BI connectorAuthorization code grantNYThe registration is automatically created when signing in. Needs administrator consent.

The Cognite Power BI connector and Excel both use the Microsoft Power Query for Excel enterprise application to retrieve data from CDF. If your organization is using both the Cognite Power BI connector app and Excel to retrieve data from CDF, you only need to register Microsoft Power Query for Excel for one of them.
ExcelImplicit grantNYThe registration is automatically created when signing in. Needs administrator consent.
Custom web applicationsNNRedirect URI of type Web.
Desktop apps/ Postman/Python SDK/Jupyter/ One-off/short-term scriptsNNRedirect URI of type InstalledClient (Mobile / Desktop application). Users can sign in using their browser and use the acquired token in, for example Jupyter.
IMPORTANT

When you register applications using the client credentials flow, you should NOT share client IDs and secrets across multiple applications, even if the applications have common authentication requirements in CDF. Sharing client IDs and secrets across multiple applications can cause issues with audit logs, with events from multiple entities being identified under a common client ID. The applications may also be subject to rate-limiting.