Difference between revisions of "Web Admin approval for Azure services"

(Created page with "When connecting to an Azure resource, for example Azure Analysis Services, XLCubed Web makes use of the XLCubed app registration ({{Code|02b5d7ef-9e5a-4351-aa9b-9d65e5e3df12}}...")
 
m (Text replacement - "XLCubed" to "FluenceXL")
 
Line 1: Line 1:
When connecting to an Azure resource, for example Azure Analysis Services, XLCubed Web makes use of the XLCubed app registration ({{Code|02b5d7ef-9e5a-4351-aa9b-9d65e5e3df12}}). The first time a user accesses an Azure resource via XLCubed Web in an organisation, an administrator will need to grant approval.
+
When connecting to an Azure resource, for example Azure Analysis Services, FluenceXL Web makes use of the FluenceXL app registration ({{Code|02b5d7ef-9e5a-4351-aa9b-9d65e5e3df12}}). The first time a user accesses an Azure resource via FluenceXL Web in an organisation, an administrator will need to grant approval.
  
 
Alternatively, you can follow the instructions [[#Using a Custom App Registration|below]] to use an internal App Registration.
 
Alternatively, you can follow the instructions [[#Using a Custom App Registration|below]] to use an internal App Registration.
  
The XLCubed application uses these permissions to access the Azure data source in a managed way, allowing the administrator to have control over which permissions they grant, as described in this series of Microsoft articles about App registrations and Enterprise applications: [https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals Microsoft article on Azure applications].
+
The FluenceXL application uses these permissions to access the Azure data source in a managed way, allowing the administrator to have control over which permissions they grant, as described in this series of Microsoft articles about App registrations and Enterprise applications: [https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals Microsoft article on Azure applications].
  
 
These are the API permissions it can use:
 
These are the API permissions it can use:
  
[[File:XLCubed app permissions.png|A screenshot showing the XLCubed app registration API permissions]]
+
[[File:FluenceXL app permissions.png|A screenshot showing the FluenceXL app registration API permissions]]
  
 
Some of the permissions can be granted when required. For example, if access to PowerBI isn't needed, then the Power BI Service APIs can be omitted.
 
Some of the permissions can be granted when required. For example, if access to PowerBI isn't needed, then the Power BI Service APIs can be omitted.
Line 22: Line 22:
 
==Using a Custom App Registration==
 
==Using a Custom App Registration==
  
XLCubed can use a custom app registration for some of these accesses. You will need to tell XLCubedWeb the details of this new app registration by updating the web.config file and adding keys for the following:  
+
FluenceXL can use a custom app registration for some of these accesses. You will need to tell FluenceXLWeb the details of this new app registration by updating the web.config file and adding keys for the following:  
 
* {{Code|PowerBiClientID}}
 
* {{Code|PowerBiClientID}}
 
* {{Code|PowerBiClientSecret}}
 
* {{Code|PowerBiClientSecret}}
 
* {{Code|PowerBiRedirectUrl}}
 
* {{Code|PowerBiRedirectUrl}}
 
   
 
   
The redirect url must go to a page with the same content as the built-in redirect so that the token can be passed to XLCubed. The standard redirect is to https://www.xlcubed.com/getpowerbitokenweb.html.
+
The redirect url must go to a page with the same content as the built-in redirect so that the token can be passed to FluenceXL. The standard redirect is to https://www.xlcubed.com/getpowerbitokenweb.html.
  
 
For single-tenant applications you may also need to add the following key with your Tenant ID:
 
For single-tenant applications you may also need to add the following key with your Tenant ID:

Latest revision as of 09:40, 4 July 2023

When connecting to an Azure resource, for example Azure Analysis Services, FluenceXL Web makes use of the FluenceXL app registration (02b5d7ef-9e5a-4351-aa9b-9d65e5e3df12). The first time a user accesses an Azure resource via FluenceXL Web in an organisation, an administrator will need to grant approval.

Alternatively, you can follow the instructions below to use an internal App Registration.

The FluenceXL application uses these permissions to access the Azure data source in a managed way, allowing the administrator to have control over which permissions they grant, as described in this series of Microsoft articles about App registrations and Enterprise applications: Microsoft article on Azure applications.

These are the API permissions it can use:

A screenshot showing the FluenceXL app registration API permissions

Some of the permissions can be granted when required. For example, if access to PowerBI isn't needed, then the Power BI Service APIs can be omitted.

Azure Active Directory Graph
Used to obtain user identity information. Required
Azure Analysis Services
Allows access to Azure Analysis Services data models
Azure SQL Database
Allows access to Azure SQL databases
Power BI Service
Allows access to Power BI models

Using a Custom App Registration

FluenceXL can use a custom app registration for some of these accesses. You will need to tell FluenceXLWeb the details of this new app registration by updating the web.config file and adding keys for the following:

  • PowerBiClientID
  • PowerBiClientSecret
  • PowerBiRedirectUrl

The redirect url must go to a page with the same content as the built-in redirect so that the token can be passed to FluenceXL. The standard redirect is to https://www.xlcubed.com/getpowerbitokenweb.html.

For single-tenant applications you may also need to add the following key with your Tenant ID:

  • AzureAuthorityAudience

See Also

Retrieved from ‘https://help.fluencexl.com/index.php?title=Web_Admin_approval_for_Azure_services&oldid=11458