# Grant admin and user access

The Solutions Portal uses the Cognite Data Fusion (CDF) access management system to grant access to suites and boards. To set up suites and boards in the Solutions Portal, you need administrator access to your CDF project.

# Grant standard user access

  1. First, make sure that you have allowlisted the domain cogniteapp.com in Cognite Data Fusion.

  2. Make sure that the user has the following capabilities via any group:

    • groups:list(current-user)
    • files:read

# Grant admin access

To be an admin user, you must be a member of the dc-system-admin group.

  1. If it doesn't already exist, create a CDF group named dc-system-admin. This is the group name that the Solutions Portal will look for to determine if a user has admin rights.

  2. Grant these capabilities to the group:

    • groups:list(all)
    • files:read, files:write
    • dataset:read, dataset:write
  3. Assign your Solutions Portal admin user(s) to the group.
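The capability lists in the two procedures above can be checked against an exported list of CDF groups. The following is an added example, not code from Cognite or the Solutions Portal. It assumes groups are exported as JSON in the CDF groups API shape, with `groupsAcl`, `filesAcl` and `datasetsAcl` as the ACL names and `currentuserscope` / `all` as scope keys; the sample groups are constructed.

```python
# Added example: audit exported CDF group definitions against the capabilities
# this page requires. ACL names, scope keys and JSON shape are assumptions.
ACL = {"groups": "groupsAcl", "files": "filesAcl", "dataset": "datasetsAcl"}

# (resource, action, required scope key or None when the page names no scope)
STANDARD_USER = [("groups", "LIST", "currentuserscope"), ("files", "READ", None)]
ADMIN = [("groups", "LIST", "all"), ("files", "READ", None), ("files", "WRITE", None),
         ("dataset", "READ", None), ("dataset", "WRITE", None)]
ADMIN_GROUP = "dc-system-admin"  # exact name the Solutions Portal looks for

SAMPLE_GROUPS = [  # constructed sample, not from a real project
    {"name": "portal-users", "capabilities": [
        {"groupsAcl": {"actions": ["LIST"], "scope": {"currentuserscope": {}}}},
        {"filesAcl": {"actions": ["READ"], "scope": {"all": {}}}}]},
    {"name": "dc-system-admin", "capabilities": [
        {"groupsAcl": {"actions": ["LIST"], "scope": {"all": {}}}},
        {"filesAcl": {"actions": ["READ", "WRITE"], "scope": {"all": {}}}},
        {"datasetsAcl": {"actions": ["READ"], "scope": {"all": {}}}}]},
]


def grants(group, resource, action, scope):
    """True if a capability in the group grants action on resource (in scope, if given)."""
    for cap in group.get("capabilities", []):
        acl = cap.get(ACL[resource])
        if not acl or action not in acl.get("actions", []):
            continue
        scopes = acl.get("scope", {})
        # An "all" scope also satisfies a narrower requirement such as current-user.
        if scope is None or scope in scopes or "all" in scopes:
            return True
    return False


def missing(groups, required):
    """Capabilities from `required` that none of the given groups provide."""
    return [f"{r}:{a.lower()}" for r, a, s in required
            if not any(grants(g, r, a, s) for g in groups)]


def audit_admin(groups):
    """Return (group exists, missing capabilities) for the dc-system-admin group."""
    admin = [g for g in groups if g.get("name") == ADMIN_GROUP]
    return bool(admin), missing(admin, ADMIN)


if __name__ == "__main__":
    print("standard user gaps:", missing(SAMPLE_GROUPS[:1], STANDARD_USER))
    print("admin group audit:", audit_admin(SAMPLE_GROUPS))
```

The name match is exact, so a group called `DC-System-Admin` is reported as missing rather than treated as the admin group.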

# Allowlist the Solutions Portal domain names

Use the Access management section in Cognite Data Fusion to allowlist the Solutions Portal domain(s) so that the portal works with your CDF project. To access CSP in production, add cogniteapp.com to the Allowed application domains list.

# Create a data set for image files (optional)

The Solutions Portal automatically creates a data set to store image files such as board previews and a customer logo when a system admin logs in to the app for the first time.

You can also create the data set manually to restrict the capabilities files:write and files:read to the dc-system-admin group, and use other configuration options for the data set. Make sure that you set the externalId to dc_img_preview_storage.

# Sign in with Azure Active Directory (AAD)

To use the Solutions Portal with Azure Active Directory (AAD), you need to set up AAD to allow users to sign in to CDF and the Solutions Portal. You also need to set up Azure AD and CDF groups to control access. Follow these instructions:

There are two authentication flows for AAD:

  • To sign in with the 'legacy' flow, enter the CDF project ID in the Company ID field and select Continue.

  • To sign in with the OIDC flow, select the Login with Microsoft Azure option and specify the Azure AD tenant ID in the Azure Tenant input field.

    Log in with AAD

Last Updated: 9/17/2021, 2:43:03 PM