# Register the Cognite API and applications in Azure AD

WARNING

For customers running Cognite Data Fusion (CDF) on Azure, the features described in this section are currently only available via our Early Adopter program. To join an Early Adopter program, contact your Cognite representative.

To allow users to sign in to CDF and Cognite apps with their existing organizational ID, you first need to register the Cognite API and permit it to access user profiles in your Azure AD tenant. You then register the applications you want to allow users to access.

As an Azure Active Directory (AD) administrator, you can consent for your entire organization to use Cognite Data Fusion (CDF) and other Cognite applications. Users can sign in to CDF and Cognite applications with their organizational identity without having to consent themselves.

In this article:

# Register CDF and Cognite apps in Azure AD

NOTE

To perform the steps below, you need to be an Azure AD administrator.

# Step 1: Permit the Cognite API to access user profiles in Azure AD

  1. In your browser, make sure that you've signed in to Azure AD as the tenant administrator, and then navigate to:

    https://login.microsoftonline.com/YOUR_AAD_TENANT_ID/adminconsent?client_id=YOUR_CDF_CLUSTER

    Where:

    • YOUR_AAD_TENANT_ID is the ID of your Azure AD tenant. To find your tenant ID, see this article. (opens new window)
    • YOUR_CDF_CLUSTER is the cluster where your CDF instance is installed. If you don't know the cluster name, contact Cognite support.
  2. If prompted, confirm the account you want to use to consent to the request.

  3. Review and accept the permission request information, and select Accept.

    Accept permission request

    NOTE

    You can safely ignore any HTTP 400 errors you receive.

You have now permitted the Cognite API to access user profiles in your Azure AD, and can register applications you wish to authorize to access the API.

# Step 2: Register a Cognite application in Azure AD

  1. In your browser, make sure that you've signed in to Azure AD as the tenant administrator, and then navigate to the URL for the application you want to register:

    If your application instance is installed in a separate cluster, you need to specify the [.cluster]. If you don't know the cluster name, contact Cognite support.

  2. If prompted, confirm the account you want to use to consent to the request.

  3. Specify your Environment, (cluster) and then select Sign in with Microsoft Azure.

    If you don't know the environment (cluster) name, contact Cognite support.

    CDF sign-in with Azure

  4. Review and accept the permission request on behalf of your organization, and then select Accept.

    Accept permission request

  5. If the registration is successful, you are signed in to the Cognite application.

  6. Verify that the configuration is successful: Sign in with a non-admin identity to confirm that regular users in your Azure AD can access the application.

You have now registered the Cognite application in your Azure AD, and users can sign in to the application with their Azure AD username and password without having to consent themselves.

Last Updated: 4/6/2021, 11:08:52 AM