Salt la conținutul principal

Manage groups and group membership

Instead of assigning capabilities to individual users and applications, you use groups in Cognite Data Fusion (CDF) to define what capabilities members (users or applications) have to work with different CDF resources.

You can manage CDF group membership from your identity provider - Microsoft Entra ID

Step 1: Create a group in Microsoft Entra ID

  1. Sign it to your Azure portal > Search for and select Microsoft Entra ID.

  2. Under Manage, select Groups > New group.

  3. In the New Group window, select Security as the Group type, enter a Group name, and then select Create.

    Create group
  4. Select the group to open it, add members - users or service accounts, to the group (service accounts are called applications)

  5. Copy and make a note of the Object Id.

Copy Object Id
  1. Sign in as an admin and navigate to Admin > Groups > Create group.

  2. Enter a Unique name for the group and Add capabilities.

  3. In Members select Externally managed, and in the Source ID field, enter the Object Id for the Microsoft Entra ID (ME_ID) group exactly as it exists in ME-ID. It will link the CDF group to an Azure AD group.

    Create new group with link to AAD group object ID
  4. Select Create. The members of the Microsoft Entra ID group automatically become members of the linked CDF group with the associated capabilities.