Cognite Data Fusion: Full Support for Auth0 as Identity Provider

Related products: Authentication and Access Management

Really great progress has been made in support for OAuth2 and OpenID Connect, as described here. Support for Azure AD was the right first move into this area. Next, I recommend full support be added to CDF (backend and frontend) for using Auth0 as the identity provider. I discussed with a member of the Cognite identity team in Q4 of 2021, but was told the support was ready with the backend since Auth0 meets the Minimum IdP requirements, but the frontend would not be accessible with Auth0. Only API access would work.

I’ve lost track of this area a bit, so decided a Product Feedback topic would be a great way to keep everyone updated on the status.  Thanks!

 

Hi @Ben Brandt,

Thank you for the insight and feedback!

At present, our focus is to enhance our Azure AD (AAD) support. Auth0 is one of the options we’re considering in the context of expanded IdP support, but we do not currently have that specific expansion planned and committed for an upcoming CDF release.

Your feedback and request will be added to help us prioritize IdP support expansion relative to other Cognite Data Fusion platform enhancements.


Updated idea status: New → Gathering Interest

A few Cognite and Auth0 cross-references I’ve come across:

https://github.com/cognitedata/cognite-sdk-js/pull/660#issuecomment-903535822

dshub/auth.tsx at 23b7bdfef51d0cebbaaa5c7bad3bd22f74295e24 · andeplane/dshub (github.com)

 

Cognite SDK/API is able to support Auth0:
cognite-sdk-js/authentication.md at 21823f6618d6bf11dd738fb022289677259966da · cognitedata/cognite-sdk-js (github.com)

https://docs.cognite.com/cdf/access/troubleshooting/troubleshoot_oidc/#using-other-idps-than-azure-ad

https://docs.cognite.com/cdf/access/concepts/minimum_idp_requirements

 

It seems most of CDF supports using Auth0.  The frontend may be the only piece lacking?


One more difference that I recall may need to be accounted for is that AAD exposes both a Group Name and Group Id. CDF depends on checking against a Group “Source ID” when managing access. From some experimentation and reading in the Auth0 forum, Group Name is simple to provide in the token, but getting the internal Group Id requires some additional calls to APIs which may be rate limited and not recommended to use in this context. We will have to check if Auth0 adds the Group name to the appropriate claim if we can just configure “Source ID” and “Source name” in the CDF Access Management/Groups/Create new group UI.
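
Added example, not part of the original post and not Cognite's or Auth0's code: an inspection helper for the point above, comparing the group values carried in a token with the "Source ID" configured on CDF groups. The `groups` claim name, the `sourceId` field name, the namespaced claim URL and all sample values are assumptions constructed for illustration; the payload is decoded without signature verification, so this is for troubleshooting only.

```python
import base64
import json

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_groups(claims: dict, claim_name: str = "groups") -> set:
    """Return the group values in the given claim, tolerating a single string."""
    value = claims.get(claim_name, [])
    if isinstance(value, str):
        value = [value]
    return {str(v) for v in value}

def matching_groups(claims: dict, cdf_groups: list, claim_name: str = "groups") -> list:
    """Names of CDF groups whose Source ID appears in the token's group claim."""
    present = token_groups(claims, claim_name)
    return sorted(g["name"] for g in cdf_groups if g.get("sourceId") in present)

def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token with a dummy signature segment."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

# Constructed CDF group definitions (field names are assumptions).
CDF_GROUPS = [
    {"name": "readers-aad", "sourceId": "11111111-2222-3333-4444-555555555555"},
    {"name": "readers-auth0", "sourceId": "cdf-readers"},  # Source ID set to a group name
    {"name": "admins", "sourceId": "cdf-admins"},
]
# Constructed tokens: AAD-style object ID, Auth0-style group name,
# and a group name carried under a namespaced custom claim instead of "groups".
AAD_TOKEN = make_sample_token({"groups": ["11111111-2222-3333-4444-555555555555"]})
AUTH0_TOKEN = make_sample_token({"groups": ["cdf-readers"]})
NAMESPACED_CLAIM = "https://example.com/groups"
NAMESPACED_TOKEN = make_sample_token({NAMESPACED_CLAIM: ["cdf-readers"]})

if __name__ == "__main__":
    for label, tok in [("aad", AAD_TOKEN), ("auth0", AUTH0_TOKEN), ("namespaced", NAMESPACED_TOKEN)]:
        print(label, matching_groups(jwt_claims(tok), CDF_GROUPS))
```

The third sample token matches no CDF group under the default claim name, which is the failure to look for when group names are emitted under a different claim than the one being checked.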

 


Gathering Interest → Parked

Update on this one - there is already limited support for Auth0 in Cognite Data Fusion (including the frontend). Full parity with AAD support is in development, and will be available in H1 2024 (also with support for other OIDC-compatible IdPs).

 

Best Regards,

Terje Loken

Product Manager


Parked → Planned for development