Web Admin approval for Azure services
When connecting to an Azure resource, for example Azure Analysis Services, FluenceXL Web makes use of the FluenceXL app registration (02b5d7ef-9e5a-4351-aa9b-9d65e5e3df12). The first time a user accesses an Azure resource via FluenceXL Web in an organisation, an administrator will need to grant approval.
Alternatively, you can follow the instructions below to use an internal App Registration.
The FluenceXL application uses these permissions to access the Azure data source in a managed way, allowing the administrator to have control over which permissions they grant, as described in this series of Microsoft articles about App registrations and Enterprise applications: Microsoft article on Azure applications.
These are the API permissions it can use:
Some of the permissions can be granted when required. For example, if access to PowerBI isn't needed, then the Power BI Service APIs can be omitted.
- Azure Active Directory Graph
- Used to obtain user identity information. Required
- Azure Analysis Services
- Allows access to Azure Analysis Services data models
- Azure SQL Database
- Allows access to Azure SQL databases
- Power BI Service
- Allows access to Power BI models
Using a Custom App Registration
FluenceXL can use a custom app registration for some of these accesses. You will need to tell FluenceXLWeb the details of this new app registration by updating the web.config file and adding keys for the following:
- PowerBiClientID
- PowerBiClientSecret
- PowerBiRedirectUrl
The redirect url must go to a page with the same content as the built-in redirect so that the token can be passed to FluenceXL. The standard redirect is to https://www.xlcubed.com/getpowerbitokenweb.html.
For single-tenant applications you may also need to add the following key with your Tenant ID:
- AzureAuthorityAudience
