Skip to main content
Planned for development

Cognite Data Fusion: Full Support for Auth0 as Identity Provider

Related products:Authentication and Access Management
  • March 3, 2022
  • 7 replies
  • 110 views
Ben Brandt
Seasoned

Really great progress has been made in support for OAuth2 and Open ID Connect, as described here.  Support for Azure AD was the right first move into this area.  Next, I recommend full support be added to CDF (backend and frontend) for using Auth0 as the identity provider.  I discussed with a member of the Cognite identity team in Q4 of 2021, but was told the support was ready with the backend since Auth0 meets the Minimum IdP requirements, but the frontend would not be accessible with Auth0.  Only API access would work.

I’ve lost track of this area a bit, so decided a Product Feedback topic would be a great way to keep everyone updated on the status.  Thanks!

 

7 replies

T
Seasoned Practitioner
Forum|alt.badge.img

Hi @Ben Brandt,

Thank you for the insight and feedback!

At present, our focus is to enhance our Azure AD (AAD) support. Auth0 is one of the options we’re considering in the context of expanded IdP support, but we do not currently have that specific expansion planned and committed for an upcoming CDF release.

Your feedback and request will be added to help us prioritize IdP support expansion relative to other Cognite Data Fusion platform enhancements.

Anita Hæhre
Ben Brandt
Anita Hæhre
Seasoned Practitioner
Forum|alt.badge.img+1
  • Anita Hæhre
  • Head of Community
  • March 8, 2022
Updated idea statusNewGathering Interest
Anita Hæhre
Ben Brandt
Ben Brandt
Seasoned
  • Ben Brandt
  • Author
  • Seasoned
  • March 22, 2022

A few Cognite and Auth0 cross-references I’ve come across:

https://github.com/cognitedata/cognite-sdk-js/pull/660#issuecomment-903535822

dshub/auth.tsx at 23b7bdfef51d0cebbaaa5c7bad3bd22f74295e24 · andeplane/dshub (github.com)

 

Cognite SDK/API is able to support Auth0:
cognite-sdk-js/authentication.md at 21823f6618d6bf11dd738fb022289677259966da · cognitedata/cognite-sdk-js (github.com)

https://docs.cognite.com/cdf/access/troubleshooting/troubleshoot_oidc/#using-other-idps-than-azure-ad

https://docs.cognite.com/cdf/access/concepts/minimum_idp_requirements

 

It seems most of CDF supports using Auth0.  The frontend may be the only piece lacking?

Ben Brandt
Seasoned
  • Ben Brandt
  • Author
  • Seasoned
  • March 22, 2022

One more difference that I recall may need to be accounted for is that AAD exposes both a Group Name and Group Id.  CDF depends on checking against a Group “Source ID” when managing access.  From some experimentation and reading in the Auth0 forum, Group Name is simple to provide in the token, but getting the internal Group Id requires some additional calls to API’s which may be rate limited and not recommended to use in this context.  We will have to check if Auth0 adds the Group name to the approriate claim if we can just configure “Source ID” and “Source name” in the CDF Access Management/Groups/Create new group UI.

 

Anita Hæhre
Seasoned Practitioner
Forum|alt.badge.img+1
  • Anita Hæhre
  • Head of Community
  • August 22, 2022
Gathering InterestParked
Anita Hæhre
Terje Loken
Seasoned Practitioner
  • Terje Loken
  • Product Manager
  • September 21, 2023

Update on this one - there is already limited support for Auth0 in Cognite Data Fusion (including the frontend). Full parity with AAD support is in development, and will be available in H1 2024 (also with support for other OIDC-compatible IdPs).

 

Best Regards,

Terje Loken

Product Manager

Terje Loken
Anita Hæhre
Anita Hæhre
Seasoned Practitioner
Forum|alt.badge.img+1
  • Anita Hæhre
  • Head of Community
  • September 21, 2023
ParkedPlanned for development
Anita Hæhre
Terms & ConditionsCookie SettingsAccessibility statement