# Register and configure applications and components

The table below lists applications and components with links to configuration steps and details about the authentication flows they use.

Application configuration steps Authentication flow Client secret required? Azure AD multi-tenant Comments
The CDF portal application, Best Day, InField, Maintenance Planner Implicit grant N Y The registration is automatically created when signing in. Needs administrator consent.
Cognite extractors Client credentials Y N One app registration per extractor and environment (for example, dev, test, prod).
CDF Transformations Y* N Needs multiple app registrations. Transformations that logically belong together (access rights are managed together) can share the app registration, but may be subject to rate-limiting.

* Time-limited jobs can run on behalf of a user.
Cognite Data Source for Grafana Authorization code grant Y N The Cognite Data Source for Grafana uses Grafana credentials to connect to CDF. Therefore, you need to set up the Grafana instance to authenticate the user towards the same identity provider (IdP) as your CDF project.
Cognite Power BI connector Implicit grant N Y The registration is automatically created when signing in. Needs administrator consent.

The Cognite Power BI Connector and Excel both use the Microsoft Power Query for Excel enterprise application to retrieve data from CDF. If your organization is using both the Cognite Power BI Connector app and Excel to retrieve data from CDF, you only need to register Microsoft Power Query for Excel for one of them.
Excel Implicit grant N Y The registration is automatically created when signing in. Needs administrator consent.
One-off/short-term scripts N N Run as a signed-in user, similar to a web application.
Scheduled custom scripts Client credentials Y N Potentially needs multiple app registrations, depending on the number of scripts.
Custom web applications N N Redirect URI of type Web.
Python SDK/Jupyter N N Redirect URI of type InstalledClient (Mobile / Desktop application). Users can sign in using their browser and use the acquired token in for example Jupyter.
Desktop apps/Postman N N Redirect URI of type InstalledClient (Mobile / Desktop application). Users can sign in using their browser and use the acquired token in for example Postman.

NOTE

When you register applications using the client credentials flow, you should NOT share client IDs and secrets across multiple applications, even if the applications have common authentication requirements in CDF. The applications may also be subject to rate-limiting. Sharing client IDs and secrets across multiple applications can also cause issues with audit logs, with events from multiple entities being identified under a common client ID.

Last Updated: 6/11/2021, 12:16:35 PM