
How to Change Your Identity Provider (IdP): Playbook and Key Information [Cognite Official]

  • July 30, 2025

Shashan Udawatte
Practitioner

Understanding Project-Organization and IdP Relationships

Each project is associated with exactly one organization, and each organization is configured with a single external Identity Provider (IdP), also referred to as a tenant.

To access a project via Fusion, users must first authenticate through the organization’s IdP, initiating a federated login flow.

 

Implications of Changing an Organization’s Identity Provider (IdP)

  • Immediate Logout: All users will be instantly logged out of the organization and will no longer be able to access its associated projects.
  • Session Invalidation: Any sessions created via the Sessions API will expire and stop working within approximately 10 minutes.
  • User ID Reassignment: Every user will receive a new user ID. As a result, any data tied to the old user ID will become inaccessible (“lost”), unless proactively migrated. While data migration is possible, the current process is manual and time-consuming.
  • Therefore, careful planning is required to retain access to user-specific and private content such as:
    • Private Charts
    • Private Canvases
    • Private Jupyter Notebooks
    • Private AI Agents
    • Canvas invitations or shares
    • Comments or tags referencing specific users

Proper communication and planning are essential to minimize disruption and data loss during the IdP transition process.

 

IdP Limitations Within Organizations

It is important to note that an organization can only be configured with a single Identity Provider (IdP). It is not possible to:

  • Change the IdP for individual projects within an organization, or
  • Register multiple IdPs for a single organization.

If multiple IdPs are needed, the correct approach is to create a separate organization configured with the desired IdP and migrate the relevant projects to that organization.

 

Requesting an IdP Change

To initiate an Identity Provider (IdP) change, please raise a ticket with Cognite Support via the portal or by sending an email to support@cognite.com with the following details:

  • Current IdP tenant information
  • New IdP tenant ID
  • Admin Group ID

Once the request is received, the Cognite Support Team will coordinate with the Turbofish team to process the change.

You can also refer to the documentation for guidance on how to migrate projects from one Azure tenant to another Azure tenant.