Solved

clientconfig using client

  • 21 June 2023

Badge +2

We are using the online version of the Jupyter notebook from the CDF portal for a client project (DEV) and are able to get the clientconfig / client object and create and retrieve assets, run transformations, create datasets etc.

The client IT team has created an app and registered it in Azure and has also shared the tenant ID, client ID / name and secrets. When we use the parameters shared for this app and run the same code locally in a notebook, it is not able to perform certain tasks (such as data set creation etc.).

Basically, the online version has all the IAM groups as {data engineer, data scientist, Data Analyst, OIDC-Admin}.

But when we set the configuration parameters (client ID, tenant, secrets etc.), we don't get all the groups above; it only comes back as “Data Integration”. This “Data-integration” has limited scope and doesn't allow creating datasets etc.

So how do we understand this part of roles and access management in the CDF construct and applications registered in Azure AD?

Best answer by Dilini Fernando 13 July 2023, 08:52

6 replies

Userlevel 3
Badge

Hello,

The interactive authentication will use your group ownership to give you certain capabilities within CDF.

When you use client id + client secret, you are authenticating with an app registration as you said. Most likely the app registration is not part of the same groups in the Azure AD as your user. 

You should ask the client IT team to add the app registration to all the different groups in the Azure AD.

Userlevel 3
Badge

Also, a link to our documentation, which hopefully explains the details

https://docs.cognite.com/cdf/access/guides/add_service_principal

Badge +2

Thanks @Gaetan Helness for the inputs. Please could you share details on this step. 

“client IT team to add the app registration to all the different groups in the Azure AD” 

Is this the same as adding a service principal to the AD group?

Userlevel 3
Badge

Yes, adding the service principal (app registration) to the relevant AD groups that map to the CDF groups giving the required capabilities.
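The group mapping discussed in the replies above, as an added example that is not part of the thread or Cognite's own code: it decodes the `groups` claim of two access tokens and reports which capabilities the app registration lacks compared with the interactive user. The tokens, object IDs and capability lists are constructed, and it assumes the tenant emits a `groups` claim and that each CDF group is linked to an Azure AD group by its `sourceId`.

```python
import base64
import json

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying it (inspection only, never for authz)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def effective_cdf_groups(token: str, cdf_groups: list) -> list:
    """CDF groups whose sourceId (Azure AD group object ID) is in the token."""
    member_of = set(jwt_claims(token).get("groups", []))
    return [g for g in cdf_groups if g["sourceId"] in member_of]

def capabilities(groups: list) -> set:
    """Flatten group capabilities into (acl, action) pairs."""
    return {(acl, action)
            for g in groups
            for cap in g["capabilities"]
            for acl, body in cap.items()
            for action in body["actions"]}

def make_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc(claims)}.'

# Constructed Azure AD group object IDs and simplified CDF group definitions.
AAD_ENGINEER = "00000000-0000-0000-0000-0000000000a1"
AAD_INTEGRATION = "00000000-0000-0000-0000-0000000000a2"
CDF_GROUPS = [
    {"name": "data engineer", "sourceId": AAD_ENGINEER, "capabilities": [
        {"datasetsAcl": {"actions": ["READ", "WRITE"]}},
        {"assetsAcl": {"actions": ["READ", "WRITE"]}}]},
    {"name": "Data Integration", "sourceId": AAD_INTEGRATION, "capabilities": [
        {"datasetsAcl": {"actions": ["READ"]}},
        {"assetsAcl": {"actions": ["READ", "WRITE"]}}]},
]
# Interactive user is in both AD groups; the service principal is in only one.
USER_TOKEN = make_token({"sub": "user", "groups": [AAD_ENGINEER, AAD_INTEGRATION]})
APP_TOKEN = make_token({"sub": "app", "groups": [AAD_INTEGRATION]})

def missing_for_app() -> list:
    """Capabilities the user has that the app registration does not."""
    user = capabilities(effective_cdf_groups(USER_TOKEN, CDF_GROUPS))
    app = capabilities(effective_cdf_groups(APP_TOKEN, CDF_GROUPS))
    return sorted(user - app)

if __name__ == "__main__":
    print("app groups:", [g["name"] for g in effective_cdf_groups(APP_TOKEN, CDF_GROUPS)])
    print("missing for app:", missing_for_app())
```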

Userlevel 4
Badge +2

Hi @eashwar11,

We are following up to see whether you're satisfied with the responses you've received?

If you found the responses offered by our community members to be instructive and helpful, we kindly request that you consider marking the most helpful response as the "Best Answer." This little action will acknowledge the person who offered the answer and also makes it simpler for other community members to find the most correct comments.

Best regards,
Dilini

Userlevel 4
Badge +2

Hi @eashwar11,

I hope Gaetan’s reply was helpful. As of now, I will close this thread. If you have any questions please feel free to reply to us.

Best regards,
Dilini
