Register AIR with OpenID Connect
AIR supports both Google Cloud and Microsoft Azure for on-boarding and use. Follow the steps below to register AIR in Azure AD.
Step 1: Register an app in Azure AD to use with Cognite AIR
Sign in to the Azure portal as an admin.
If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.
Search for and select Azure Active Directory.
Under Manage, select App registrations > New registration.
In the Register an application window, enter the app name, and then select New registration.
In the name field, enter Cognite AIR and set Supported account types to Accounts in this organizational directory only (Tenant name - Single tenant).
Leave Redirect URI blank.
On the application page for the new Cognite AIR application, note down the application’s Client ID. You will need this later.
Read more about how to register web apps in Azure.
Step 2: Create a secret for Cognite AIR
Go back to app registration and select All applications.
Under the display for Cognite AIR, go to Certificates and secrets and click New client secret.
In the Description field, enter new client secret.
In Expires, choose Custom.
In Start, choose the current date.
In End, choose the maximum allowed value, which is two years after the start date.
Make sure you copy the secret value now. It will be hidden after you leave this page, and you will need it at a later stage.
Step 3: Create an AD group for Cognite AIR
From the home page of your Azure AD tenant, click on Azure Active Directory, go to Groups and click New group.
Give the new group the following properties:
- Group type: Security
- Group name: cognite-air-infra
- Group description: Security group for Cognite AIR infrastructure
Click No members selected, and add the Cognite AIR application you created earlier as a member of this group.
Note the Object ID of the group as you will need to link it to a group in CDF later.
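Steps 1 to 3 can also be scripted with the Azure CLI. The script below is an added example, not part of the original Cognite instructions. It assumes Azure CLI 2.37 or later and an az login session as a tenant admin; the script name register-air.sh and the output file cognite-air-secret.txt are hypothetical. It prints the client ID, tenant ID and group Object ID, and writes the secret to a file only the current user can read.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of portal steps 1-3.
# Assumes Azure CLI 2.37+ and an `az login` session as a tenant admin.
set -eu

APP_NAME="Cognite AIR"
GROUP_NAME="cognite-air-infra"
SECRET_FILE="cognite-air-secret.txt"   # hypothetical output path

# Step 1: single-tenant registration, no redirect URI. Prints the client ID.
register_air_app() {
  az ad app create --display-name "$APP_NAME" \
    --sign-in-audience AzureADMyOrg --query appId -o tsv
}

# Step 2: client secret valid for two years. Prints the secret value,
# which Azure AD returns only at creation time.
create_air_secret() {
  az ad app credential reset --id "$1" --display-name "new client secret" \
    --years 2 --query password -o tsv
}

# Step 3: security group with the app's service principal as a member.
# Unlike the portal, the CLI does not create the service principal
# automatically, so it is created here. Prints the group Object ID.
create_air_group() {
  sp_id=$(az ad sp create --id "$1" --query id -o tsv)
  group_id=$(az ad group create --display-name "$GROUP_NAME" \
    --mail-nickname "$GROUP_NAME" \
    --description "Security group for Cognite AIR infrastructure" \
    --query id -o tsv)
  az ad group member add --group "$group_id" --member-id "$sp_id" >/dev/null
  printf '%s\n' "$group_id"
}

main() {
  client_id=$(register_air_app)
  umask 077   # secret file readable by the current user only
  create_air_secret "$client_id" > "$SECRET_FILE"
  group_oid=$(create_air_group "$client_id")
  printf 'Client ID:       %s\n' "$client_id"
  printf 'Tenant ID:       %s\n' "$(az account show --query tenantId -o tsv)"
  printf 'Group Object ID: %s\n' "$group_oid"
  printf 'Secret written to %s\n' "$SECRET_FILE"
}

# Run only when invoked as: sh register-air.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```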
Step 4: Configure AIR in your CDF project
This step requires you to be an admin on the CDF project you are setting up AIR for.
Navigate to the CDF portal application.
Sign in with your CDF project name and credentials.
Select Configure AIR in the menu.
Complete the steps to trigger the confirmation e-mail.
Step 5: Provide information
Reply to the confirmation e-mail with the following information included so Cognite Support can authenticate against your AD tenant:
- The CDF project name and the cluster it runs on.
- The client ID of the Cognite AIR application you created in step 1.
- The secret that you created in step 2.
- The Azure AD tenant ID used by the CDF project.
Step 6: Cognite Support configures the back-end services and functions
Please wait for Cognite Support to complete the configuration before you start to use AIR on your project.
Step 7: Give permission to the AIR application
The user who is the admin of the Azure AD tenant needs to give permission to the whole organization.
Navigate to AIR and sign in. You will then be asked to give other users permission to the AIR application.
Make sure to select Give access to whole organization.
You should now be ready to use AIR!