# Configure AIR with OpenID Connect

Before you can use AIR on a CDF project that uses OIDC authentication, you need to set up an application for AIR which our backend services can authenticate with.

This guide explains how to register an application for AIR in your AD tenant.

In this article:

# Step 1: Register AIR

  1. Sign in to Azure AD as an admin.

  2. In Azure AD dashboard: Go to Application registration and click New registration.

Image showing how to get to app registration in Azure AD

  1. In the name field, enter Cognite AIR and set Supported account types to Accounts in this organizational directory only (Tenant name - Single tenant).

  2. Leave Redirect URI blank.

  3. Click Register.

Image showing how to register AIR in Azure AD

  1. On the application page for the new Cognite AIR application, note down the Client ID of the application. You will need this later.

# Step 2: Create a secret for Cognite AIR application

On the overview page for the Cognite AIR application, go to Certificates and secrets and click New client secret.

  1. In the Description field, enter Cognite AIR secret.
  2. In Expires, choose Custom.
  3. In Start, choose the current date.
  4. In End, choose the max allowed value which should be two years after the start date.
  5. Click Add.


    Make sure to copy the secret value and keep it available for later. You cannot retrieve it after it has been created, and you will need it at a later stage.

Image showing how to set up a secret in Azure AD

# Step 3: Create AD group for the Cognite AIR application

From the root page of your Azure AD tenant, go to Groups and click New group.

Image showing how to get to group creation in Azure AD

Set it up with the following properties:

  1. Group type: Security

  2. Group name: cognite-air-infra

  3. Group description: Security group for Cognite AIR infrastructure

  4. Finally, click No members selected, and add the Cognite AIR application you created earlier as a member of this group.

  5. Click Create.

Image showing how to create AIR group in Azure AD


Make sure to note the Object ID of the group as you will need to link it to a group in CDF later.

# Step 4: Configure AIR in your CDF project


This step requires you to be an admin on the CDF project you are setting up AIR for.

  1. Navigate to fusion.cognite.com (opens new window).
  2. Sign in with your CDF project name and credentials.
  3. Select Configure AIR in the menu.

Highlighted "Configure AIR" button in the Fusion application.

# Step 5: Reply to our e-mail and give us the following information

Please reply to the e-mail with the following information include so we can authenticate against your AD tenant:

  • The CDF project name and the cluster it runs on.
  • The client ID of the Cognite AIR application you created in step 1.
  • The secret that you created in step 2.
  • Tenant ID of the Azure AD tenant used by the CDF project.

Copy all the data into yopass.cognite.com and send an e-mail to air-team@cognite.com. We will let you know as soon as we are done.

# Step 6: Wait for our reply

Please wait for us to get in touch before starting to use AIR on your project.

# Step 7: Give permission to the AIR application

The user who is the admin of the Azure AD tenant needs to give permission to the whole organization.

Navigate to air..cogniteapp.com and sign in. You will then be asked to give other users permission to the AIR application.

Make sure to select Give access to whole organization.

You should now be ready to use AIR!

Last Updated: 11/2/2021, 7:56:54 AM