# Manage groups Deprecated


We are deprecating authentication via CDF service accounts and API keys in favor of registering applications and services with your IdP (identity provider) and using OpenID Connect and the IdP framework to manage CDF access securely. We strongly encourage customers to adopt the new authentication flows as soon as possible.

Groups define how members of the group (users and service accounts) can work with what data in Cognite Data Fusion (CDF), for example read a time series, or delete an asset. If existing groups don't have the right capabilities for a user or a service account, you can create a new group.

NOTE: You can not change existing groups.

In this article:

# Create a group


If you want Azure AD users to automatically be members of a group, make sure that you first Configure CDF to use Azure Active Directory as the Identity Provider.

To create a group:

  1. In the left hand bar, select Access Management.

  2. Select Groups.

  3. Select Create new group and enter a Unique name for the group.

  4. Optional: To link the CDF group to a group in an Identity Provider (IdP) system, enter the Source ID and the Source name for the IdP group. The members of the linked IdP group will automatically become members of the CDP group.

    • For Azure Active Directory (AAD):
      1. In the Source ID field, enter the Object Id for the AAD group exactly as it exists in AAD. See Find the Object Id for an Azure AD group to learn how to find the Object Id for an AAD group.
      2. In the Source name field, enter the name of the group in Azure AD.
  5. Select the capabilities for the new group and define scope and actions. The scope defines which data the group has access to, and the actions define what the group is allowed to do with that data. Create new group with more granular access

  6. Select Create.

Last Updated: 4/6/2021, 11:08:52 AM