Skip to main content

Register AIR with OpenID Connect

AIR supports both Google Cloud and Microsoft Azure for on-boarding and use. Follow the steps below to register AIR in Azure AD.

Step 1: Register an app in Azure AD to use with Cognite AIR

  1. Sign in to the Azure portal as an admin.

  2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.

  3. Search for and select Azure Active Directory.

  4. Under Manage, select App registrations > New registrations.

  5. In the Register an application window, enter the app name, and then select New registration.

  6. In the name field, enter Cognite AIR and set Supported account types to Accounts in this organizational directory only (Tenant name - Single tenant).

  7. Leave Redirect URI blank.

  8. Click Register.

  9. On the application page for the new Cognite AIR application, note down the application’s Client ID. You will need this later.

Read more about how to register web apps in Azure.

Step 2: Create a secret for Cognite AIR

  1. Go back to app registration and select All applications.

  2. Under the display for Cognite AIR, go to Certificates and secrets and click New client secret.

  3. In the Description field, enter new client secret.

  4. In Expires, choose Custom.

  5. In Start, choose the current date.

  6. In End, choose the max allowed value which is two years after the start date.

  7. Click Add.

  8. Make sure you copy this value now. This value will be hidden after you leave this page, and you will need it at a later stage.

Step 3: Create AD group for the Cognite AIR

  1. From the home page of your Azure AD tenant, click on Azure Active Directory, go to Groups and click New group.

  2. Give the new group the following properties:

    • Group type: Security
    • Group name: cognite-air-infra
    • Group description: Security group for Cognite AIR infrastructure

  3. Click No members selected, and add the Cognite AIR application you created earlier as a member of this group.

  4. Click Create.

    NOTE

    Note the Object ID of the group as you will need to link it to a group in CDF later.

Step 4: Configure AIR in your CDF project

Note

This step requires you to be an admin on the CDF project you are setting up AIR for.

  1. Navigate to the CDF portal application.

  2. Sign in with your CDF project name and credentials.

  3. Select Configure AIR in the menu.

  4. Complete the steps to trigger the confirmation e-mail.

Step 5: Provide information

Reply to the confirmation e-mail with the following information included so Cognite Support can authenticate against your AD tenant:

  • The CDF project name and the cluster it runs on.
  • The client ID of the Cognite AIR application you created in step 1.
  • The secret that you created in step 2.
  • The Azure AD tenant ID used by the CDF project.

Copy all the data into yopass.cognite.ai and send it to Cognite Support. We will get back to you shortly.

Step 6: Cognite Support configures the back-end services and functions

Please wait for Cognite Support to complete the configuration before you start to use AIR on your project.

Step 7: Give permission to the AIR application

The user who is the admin of the Azure AD tenant needs to give permission to the whole organization.

Navigate to AIR and sign in. You will then be asked to give other users permission to the AIR application.

Make sure to select Give access to whole organization.

You should now be ready to use AIR!

Last updated: