> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cognite.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Register an app in Entra ID

> Learn how to register an application in Entra ID for use with the Python SDK, Jupyter notebooks, or Postman with interactive authentication.

Follow the steps below to register an app in Entra ID to use with the Python SDK, Jupyter notebooks, or Postman. You can use the same steps to register desktop apps and one-off/short-term scripts. Users can sign in using their browser and use the acquired token in for example Jupyter.

<Steps>
  <Step title="Navigate to app registrations">
    Sign in to the [Azure portal](https://portal.azure.com) as an admin.

    If you have access to multiple tenants, select the tenant in which you want to register an application.

    Search for and select **Entra ID**, then under **Manage**, select **App registrations** > **New registrations**.
  </Step>

  <Step title="Configure the application registration">
    In the **Register an application** window, configure the following settings:

    1. Enter a **name** for your application.
    2. Select the supported **account types**.
    3. Under **Redirect URI (optional)**, select **Public client/native (mobile & desktop)** and specify the redirect URI:
       * **Jupyter/Python SDK**: `http://localhost:53000`
       * **Postman**: `https://oauth.pstmn.io/v1/callback`

    <Frame>
      <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/access/azure_reg_app_jupyter_sdk.png" alt="Register an application in Entra ID with redirect URI configuration" width="80%" />
    </Frame>

    Select **Register** to create the application.
  </Step>

  <Step title="Configure authentication settings">
    Select **Authentication** to add more redirect URIs and optionally enable device code flow.

    Configure additional authentication options as needed for your use case, then select **Save**.

    <Frame>
      <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/access/azure_redir_uris_jupyter_sdk.png" alt="Add redirect URIs and configure device code flow in Entra ID" width="80%" />
    </Frame>

    <Tip>
      Enable device code flow if users need to authenticate from environments without a browser, such as terminals or remote servers.
    </Tip>
  </Step>

  <Step title="Configure API permissions">
    Configure the required permissions for your application to access CDF.

    1. Select **API permissions**. The Microsoft Graph `User.Read` permission is already selected by default.

    2. Select **Add a permission**.

    3. Under **APIs my organization uses**, select the CDF API for your cluster (for example, `westeurope-1`).

    4. For **Delegated permissions**, select the required permissions:

       * Select `user_impersonation` for standard API access
       * Select `IDENTITY` to use the [token inspection endpoint](/api-reference/concepts/20230101/tokens)

           <Note>
             Delegated permissions filter the permissions a user has based on group memberships but don't add any permissions. Learn more about [access token scopes](/cdf/access/concepts/access_token_scopes).
           </Note>

    5. Select **Add permissions**.

    <Frame>
      <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/access/azure_api_perms_user_impersionation.png" alt="API permissions showing user_impersonation scope configured" width="x%" />
    </Frame>
  </Step>

  <Step title="Grant admin consent">
    Select **Grant admin consent for...** and confirm that you want to activate the new permissions.

    <Check>
      Your application is now registered and configured for use with the Python SDK, Jupyter notebooks, or Postman.
    </Check>
  </Step>
</Steps>
