Manage groups and group membership
Instead of assigning capabilities to individual users and service accounts, use groups in Cognite Data Fusion (CDF) to define what capabilities members (users or applications) have to work with different CDF resources.
You can manage group membership in your identity provider (IdP), for instance, in Microsoft Entra ID, or in Cognite Data Fusion, or in a combination of the two.
For a seamless first-time sign-in for users, we recommend creating a CDF group with capabilities to view and use data and apps. Then, include all user accounts in the group.
Manage group membership in Cognite Data Fusion
To manage group membership for user accounts in Cognite Data Fusion, you can add all authenticated users or individual users to CDF groups. To add individual users, they need to already have signed in to a CDF project.
Groups that have All user accounts as members display first in the Groups overview page.
To manage membership for service accounts, use your identity provider.
Create a group in CDF and add members
-
Sign in to Cognite Data Fusion as an admin.
-
Select the Admin workspace, and then Access management > Groups > Create group.
-
Enter a Unique name for the group and Add capabilities.
-
Under Members:
- To add all users of the organization to the group, select All user accounts.
attentionAll authenticated users automatically become members of the group and are granted all the capabilities assigned to the group. Make sure that the group has only the minimum required capabilities to access the necessary applications and data.
-
To add individual users, select List of users and then the users you want to add.
infosOnly profiles of users who have logged into the organization at least once are visible.
attentionGroup membership can be one of Externally managed or List of user or All user accounts. Exercise caution when updating group membership. Any unintended changes can lead to failures in transformations, extractors, monitoring jobs or functions.
-
Select Create.
Currently, you can only add user accounts as members of a CDF group. For service accounts you need to create the service accounts in your identity provider and manage their group membership as Externally managed.