Impact 2024: The Industrial Data and AI Conference for and by Users | Nominate Speakers Now for a Ch...
We are a Cognite customer who provides our own customers with access to CDF APIs.These customers develop their own software to consume our data, and use the Cognite SDKs to do so.Currently we generate client credentials for each customer and rely on them to keep these safe. An optimal solution for this would involve: Not to have to administer on our side which users from the customer have access. This is the customer's responsibility, and we want to avoid both the admin, and potential IdP charges from adding many additional users to our IdP. Not to have to supply customers with client credentials that they must then keep safe. This makes us overly reliant on the security practices of the customer org and individual developers. First class support in the Cognite SDK (i.e. not having to treat it as a special case and build a custom token provider).
It seems that the Cognite Power BI connector only allows end-user credentials to be used, ever since moving away from API keys. This results in tying headless processes like nightly refreshes of PBI datasets, to the end-user account of the person who developed the reports, which then break when the end user moves on and their account is deactivated. Often this happens when Cognite consultants move from project to project.Other applications of OIDC e.g. the Cognite SDK, allow for client credentials to be used for this kind of use case. I am therefore wondering why this is not the case with the Cognite Power BI connector?Our workaround for this use case has always been to use an end user account in AAD which is not set up with MFA, is not required to change password and so on. Our IT department is becoming understandably resistant to this. It would be better if explicit support for OIDC client creds (i.e. an app registration and client id/secret) were in place, then we would not have to
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.