# Configure AIR with OpenID Connect
Before you can use AIR on a CDF project that uses OIDC authentication, you need to set up an application for AIR which our backend services can authenticate with.
This guide explains how to register an application for AIR in your AD tenant.
In this article:
- Step 1: Register AIR
- Step 2: Create a secret for Cognite AIR application
- Step 3: Create AD group for the Cognite AIR application
- Step 4: Configure AIR in your CDF project
- Step 5: Reply to our e-mail and give us the following information
- Step 6: Wait for our reply
- Step 7: Give permission to the AIR application
# Step 1: Register AIR
Sign in to Azure AD as an admin.
In Azure AD dashboard: Go to Application registration and click New registration.
In the name field, enter Cognite AIR and set Supported account types to Accounts in this organizational directory only (Tenant name - Single tenant).
Leave Redirect URI blank.
- On the application page for the new Cognite AIR application, note down the Client ID of the application. You will need this later.
# Step 2: Create a secret for Cognite AIR application
On the overview page for the Cognite AIR application, go to Certificates and secrets and click New client secret.
- In the Description field, enter Cognite AIR secret.
- In Expires, choose Custom.
- In Start, choose the current date.
- In End, choose the max allowed value which should be two years after the start date.
- Click Add.
Make sure to copy the secret value and keep it available for later. You cannot retrieve it after it has been created, and you will need it at a later stage.
# Step 3: Create AD group for the Cognite AIR application
From the root page of your Azure AD tenant, go to Groups and click New group.
Set it up with the following properties:
Group type: Security
Group name: cognite-air-infra
Group description: Security group for Cognite AIR infrastructure
Finally, click No members selected, and add the Cognite AIR application you created earlier as a member of this group.
Make sure to note the Object ID of the group as you will need to link it to a group in CDF later.
# Step 4: Configure AIR in your CDF project
This step requires you to be an admin on the CDF project you are setting up AIR for.
- Navigate to fusion.cognite.com (opens new window).
- Sign in with your CDF project name and credentials.
- Select Configure AIR in the menu.
# Step 5: Reply to our e-mail and give us the following information
Please reply to the e-mail with the following information include so we can authenticate against your AD tenant:
- The CDF project name and the cluster it runs on.
- The client ID of the Cognite AIR application you created in step 1.
- The secret that you created in step 2.
- Tenant ID of the Azure AD tenant used by the CDF project.
Copy all the data into yopass.cognite.com and send an e-mail to email@example.com. We will let you know as soon as we are done.
# Step 6: Wait for our reply
Please wait for us to get in touch before starting to use AIR on your project.
# Step 7: Give permission to the AIR application
The user who is the admin of the Azure AD tenant needs to give permission to the whole organization.
Navigate to air.
Make sure to select Give access to whole organization.
You should now be ready to use AIR!