Streamlining Access Management in CDF with Group Membership

Related products: Authentication and Access Management

Hello!😄 

We're pleased to announce the introduction of group membership for groups in Cognite Data Fusion (CDF). Admins can now add users directly to groups within CDF, which simplifies granting access and makes it possible to see who the members of a group are from within CDF. It also significantly reduces the burden on the customer's IT team by minimizing (or eliminating) the tickets/requests they receive to create groups in their IdP, add users to these groups and then link the IdP groups to groups in CDF.

After adding the required capabilities to a group in CDF, admins can now choose how to manage the group's membership: either internally within CDF or, as before, via the customer's IdP.

Group membership managed within CDF (New)

For group membership managed internally within CDF, there are two options: admins can grant access to capabilities in the group to all users in the organization or grant access to users by explicitly adding them to the group in CDF.

1. Granting access by adding users to a group

  1. CDF admins click "Create" or "Edit" on a group in CDF.
  2. Add or modify all required capabilities and scopes.
  3. Select List of users and then add users as members of the group.

NOTE

Currently, only users can be added as members of a group in CDF. Support for creating service accounts within CDF and adding them as members of a group will be available in the June release.

CDF admins cannot add a user to a group in a CDF project if the user has never logged in to the organization, because user profiles are only created upon successful login to an organization.

2. Granting access to all users in the organization

  1. CDF admins create a group in CDF.
  2. Add all required capabilities with scopes.
  3. Select the All user accounts option under members.

CAUTION

Users can access a CDF project within an organization if they are a member of at least one group in the project. Creating a group with 'All user accounts' as members in a CDF project therefore grants every user in the organization access to the project, with the capabilities defined in that group.

Groups with "All user accounts" as members are prioritized at the top of the list in the group management UI to prevent any unintended access. We recommend creating groups with 'All user accounts' as members containing basic capabilities, such as view only (all read capabilities), to ensure a smoother first-time login experience for new users.
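One way to check the recommendation above is to audit an export of a project's group definitions and flag every group open to all user accounts that carries more than read capabilities. This is an added example, not Cognite's code; the JSON field names, the `allUserAccounts` marker, the action names and the sample groups are assumptions constructed for illustration.

```python
# Added example. The group JSON shape ("members", "capabilities", "actions")
# and the sample data are assumptions constructed for illustration.
ALL_USERS = "allUserAccounts"         # assumed marker for "All user accounts"
READ_ONLY_ACTIONS = {"READ", "LIST"}  # assumed names of view-only actions

# Constructed sample export: two organization-wide groups, one explicit group.
SAMPLE_GROUPS = [
    {"name": "everyone-viewer", "members": "allUserAccounts",
     "capabilities": [{"assetsAcl": {"actions": ["READ"], "scope": {"all": {}}}}]},
    {"name": "everyone-editor", "members": "allUserAccounts",
     "capabilities": [
         {"assetsAcl": {"actions": ["READ", "WRITE"], "scope": {"all": {}}}},
         {"groupsAcl": {"actions": ["LIST", "CREATE"], "scope": {"all": {}}}}]},
    {"name": "data-engineers", "members": ["user-a", "user-b"],
     "capabilities": [{"assetsAcl": {"actions": ["READ", "WRITE"], "scope": {"all": {}}}}]},
]


def audit_groups(groups):
    """Return one finding per group whose members are all user accounts.

    Each finding lists the capabilities that go beyond view-only actions,
    i.e. what every user in the organization would be able to do.
    """
    findings = []
    for group in groups:
        if group.get("members") != ALL_USERS:
            continue  # explicit member list or IdP-managed membership
        non_read = []
        for capability in group.get("capabilities", []):
            for acl_name, acl in capability.items():
                extra = sorted(set(acl.get("actions", [])) - READ_ONLY_ACTIONS)
                if extra:
                    non_read.append((acl_name, extra))
        findings.append({"group": group.get("name"), "non_read": non_read})
    return findings


if __name__ == "__main__":
    for finding in audit_groups(SAMPLE_GROUPS):
        status = "REVIEW" if finding["non_read"] else "ok"
        print(status, finding["group"], finding["non_read"])
```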
