Salt la conținutul principal

Register the Cognite API and applications in Microsoft Entra ID

To allow users to sign in to Cognite Data Fusion (CDF) and Cognite apps with their existing organizational ID, you first need to register the Cognite API and permit it to access user profiles in your Microsoft Entra ID tenant. You then register the applications you want to allow users to access.

As an Microsoft Entra ID (ME-ID) administrator, you can consent for your entire organization to use Cognite Data Fusion (CDF) and other Cognite applications. Users can sign in to CDF and Cognite applications with their organizational identity without having to consent.

Register CDF and Cognite apps in Microsoft Entra ID

informare

To perform the steps below, you must be a Microsoft Entra ID administrator. It's important that the Microsoft Entra ID administrator sets up Postman and follows the authorization process to register the Cognite API.

Step 1.1: Permit the Cognite API to access user profiles in Microsoft Entra ID

  1. In your browser, make sure that you've signed in to Microsoft Entra ID as the tenant administrator, and then navigate to:

    https://login.microsoftonline.com/YOUR_ME-ID_TENANT_ID/adminconsent?client_id=YOUR_CDF_CLUSTER_URL

    Where:

    • YOUR_ME-ID_TENANT_ID is the ID of your Microsoft Entra ID tenant. To find your tenant ID, see this article.
    • YOUR_CDF_CLUSTER_URL is usually equal to the fully-qualified URL: https://<clustername>.cognitedata.com. If you don't know the cluster name, contact Cognite support.
Example

If you have the following:

  • YOUR_ME-ID_TENANT_ID=12345678-1234-1234-1234-123456789012; and
  • YOUR_CDF_CLUSTER=mycluster,

Then you'll have to navigate to the following URL:

  1. If prompted, confirm the account you want to use to consent to the request.

  2. Review and accept the permission request information, and select Accept.

    For more information, see Understanding Microsoft Entra ID application consent experiences.

    Accept permission request
    NOTE

    You can safely ignore any HTTP 400 errors you receive.

You have now permitted the Cognite API to access user profiles in your Microsoft Entra ID and can register applications you wish to authorize to access the API.

TIP

If you try to sign in to CDF without these permissions, you'll get an error message. The message states which cluster you're in and provides links to install and consent.

Step 1.2: Register a Cognite application in Microsoft Entra ID

  1. In your browser, make sure that you've signed in to Microsoft Entra ID as the tenant administrator, and then navigate to the URL of the application you want to register:

    If your application instance is installed in a separate cluster, you need to specify the [.cluster]. If you don't know the cluster name, contact Cognite support.

  2. If prompted, confirm the account you want to use to consent to the request.

  3. Specify your Organization (cluster) and then select Sign in with Entra ID.

  4. Review and accept the permission request on behalf of your organization, and then select Accept.

Accept permission request
  1. If the registration is successful, you are signed in to the Cognite application.
  2. Verify that the configuration is successful: Sign in with a non-admin identity to confirm that regular users in your Microsoft Entra ID can access the application.

You have now registered the Cognite application in your Microsoft Entra ID, and users can sign in to the application with their Microsoft Entra ID username and password without having to consent themselves.