# Setup and administration with OpenID Connect
This article explains how you can use the Cognite Data Source for Grafana to use a Cognite Data Fusion (CDF) project as a data source in Grafana to query, explore and visualize data that is stored in CDF.
You can use OpenID Connect and your existing identity provider (IdP) framework to manage access to CDF data securely. We currently support Azure AD, Microsoft's cloud-based identity and access management service.
In this article:
Follow the steps below to connect to a CDF project with OpenID Connect and use CDF as a data source in Grafana.
To perform the steps below, you need to be an administrator of Azure AD and your Grafana instance.
# Before you start
# Step 1: Register Grafana as an application in Azure AD
The Cognite Data Source for Grafana uses the credentials you use to sign in to Grafana to connect to CDF. Therefore, you need to set up the Grafana instance to authenticate the user towards the same identity provider (IdP) as your CDF project.
The first step is to configure the Grafana instance to use OAuth2. The example below uses Azure AD as the IdP.
Make sure that you have already registered the Cognite API and the CDF portal application in Azure AD.
To enable users to sign in to Grafana with their organizational ID, follow the steps in the Grafana documentation to register Grafana as an application in Azure AD and enable Azure AD authentication in Grafana (opens new window).
NOTE: Use these permission scopes in the Grafana configuration file (opens new window):
scopes = openid email profile offline_access https://<your-cluster>.cognitedata.com/user_impersonation https://<your-cluster>.cognitedata.com/IDENTITY
TIP: If you are running Grafana locally, use
httpin the redirect URL. For example:
Make sure that you close the Grafana configuration file after you have updated it, and the restart the Grafana service.
Sign in to Grafana to verify that the configuration is successful.
# Step 2: Decide access to CDF data
- To decide what access users should have to data in CDF, follow the steps in Link Azure AD and CDF groups.
# Step 3: Install the Cognite Data Source for Grafana
To install the Cognite Data Source for Grafana:
If you are using the Grafana Enterprise edition:
In your browser, make sure you're logged in to Grafana as an administrator.
Navigate to the Cognite Data Source for Grafana plugin (opens new window) and select Install plugin.
If you are using a self-hosted Grafana instance:
- Follow the instructions on the Installation (opens new window) tab to install the plugin.
# Step 4: Configure the Cognite Data Source for Grafana
To configure the Cognite Data Source for Grafana:
In your browser, log in to Grafana as an administrator.
In Grafana, navigate to Configuration > Data sources > Add data source > Search for "Cognite".
Enter your project name, the API URL and select Forward OAuth Identity.
Click Save & Test to validate your Cognite credentials.
Verify that the configuration is successful: Sign in to Grafana with a non-admin identity and create a dashboard to confirm that regular users in your Azure AD can access Grafana and work with data from CDF.