Skip to main content
Answer

clientconfig using client

  • June 21, 2023
  • 6 replies
  • 67 views
E
Practitioner
Forum|alt.badge.img+2

We are using the online version of the Jupyter notebook from CDF portal for a client project - DEV and able to get the clientconfig/ client object and create and retrieve assets, run transformations, create datasets etc.

 

Client IT team has created an app and registered in Azure and also shared the tenant ID, Client ID / name and secrets as well. When we use these parameters shared for this app and run the same code locally in a notebook, it is not able to perform certain tasks (such as data set creation etc.).

 

Basically, the online version has all the IAM groups as {data engineer, data scientist Data Analyst, OIDC-Admin.}

But when we set the configuration parameters client-ID, Tenant and secrets etc., we don't get the groups entirely as above but only comes as “Data Integration”.  This “Data-integration” has limited scope and doesn't allow to create datasets etc. 

 

So how do we understand this part of roles and access management in CDF construct and applications registered in Azure AD?

 

Best answer by Dilini Fernando

Hi @eashwar11,

I hope Gaetan’s reply was helpful. As of now, I will close this thread. If you have any questions please feel free to reply to us.

Best regards,
Dilini

Anita Hæhre

6 replies

Gaetan Helness
MVP
Forum|alt.badge.img+1

Hello,

The interactive authentication will use your group ownership to give you certain capabilities within CDF.

When you use client id + client secret, you are authenticating with an app registration as you said. Most likely the app registration is not part of the same groups in the Azure AD as your user. 

You should ask the client IT team to add the app registration to all the different groups in the Azure AD

Johannes Hovda
Gaetan Helness
MVP
Forum|alt.badge.img+1

Also, a link to our documentation, which hopefully explains the details

https://docs.cognite.com/cdf/access/guides/add_service_principal

 

E
Practitioner
Forum|alt.badge.img+2
  • eashwar11
  • Author
  • June 22, 2023

Thanks @Gaetan Helness for the inputs. Please could you share details on this step. 

“client IT team to add the app registration to all the different groups in the Azure AD” 

Is this the same as adding service principal to the AD group.

Gaetan Helness
MVP
Forum|alt.badge.img+1

yes, adding service principal (app registration) to the relevant AD groups that are mapping to the CDF groups giving the required capabilities

Dilini Fernando
Seasoned Practitioner
Forum|alt.badge.img+2

Hi @eashwar11,

We are following up to see whether you're satisfied with the responses you've received?

If you found the responses offered by our community members to be instructive and helpful, we kindly request that you consider marking the most helpful response as the "Best Answer."This little action will acknowledges the person who offered the answer and also makes it simpler for other community members to find the most correct comments.

Best regards,
Dilini

 

Dilini Fernando
Seasoned Practitioner
Forum|alt.badge.img+2
  • Dilini Fernando
  • Seasoned Practitioner
  • Answer
  • July 13, 2023

Hi @eashwar11,

I hope Gaetan’s reply was helpful. As of now, I will close this thread. If you have any questions please feel free to reply to us.

Best regards,
Dilini

Terms & ConditionsCookie SettingsAccessibility statement