Difference between revisions of "Azure App Registration"
(Created page with "In order to use Azure connected data sources in AnaplanXL web there was a multi-tenant application that relied on the xlcubed.com domain. As this is being depreciated custome...") |
|||
| Line 12: | Line 12: | ||
**Give the App a name that will be meaningful to your users | **Give the App a name that will be meaningful to your users | ||
**Add a Web Redirect URI to your instance(s) of AnaplanXLWeb | **Add a Web Redirect URI to your instance(s) of AnaplanXLWeb | ||
| − | ***This is the URI of your web server | + | ***This is the URI of your web server followed by {{code|/SSOToken.html}} |
***I am using a test instance on my local machine I can reach at {{code|http://localhost/xlcubedweb}} so I use {{code|http://localhost/xlcubedweb/SSOToken.html}}. | ***I am using a test instance on my local machine I can reach at {{code|http://localhost/xlcubedweb}} so I use {{code|http://localhost/xlcubedweb/SSOToken.html}}. | ||
| Line 25: | Line 25: | ||
***If the secret expires you must create a new secret and update the web configuration to use it. (This is covered later) | ***If the secret expires you must create a new secret and update the web configuration to use it. (This is covered later) | ||
**<b>Copy the secret as you will need it later</b> | **<b>Copy the secret as you will need it later</b> | ||
| + | |||
| + | * Permissions | ||
| + | **Click Manage -> API permissions | ||
| + | **Microsoft Graph is automatically configured for you and should be left as-is. | ||
| + | **Click Add a permission | ||
| + | **You can now pick the permissions you require based on the data source you want to connect to. If you select "APIs my organization uses" you can get a searchable list. | ||
| + | **When picking a permission you must choose from the Delegated permissions. These allow data access as the signed in user so that their permissions are correctly applied. Granting the App registration permission means it can access the data on behalf of the user, it will not grant them additional permissions to data they cannot normally access. | ||
| + | |||
| + | **Commonly used permissions are: | ||
| + | ***Azure Analysis Services – Model.ReadWrite.All | ||
| + | ****Allows users to connect to Azure SSAS and query the data in the cubes | ||
| + | |||
| + | ***Power BI – Dataset.Read.All and Workspace.Read.All | ||
| + | ****Allows users to view workspaces and data sets, and to run queries against them. | ||
| + | |||
| + | ***Azure SQL Database – user_impersonation | ||
| + | ****Allows users access to Azure SQL databases. | ||
| + | |||
| + | Once you have selected the API permissions you want the App registration is complete. | ||
Revision as of 17:40, 19 February 2025
In order to use Azure connected data sources in AnaplanXL web there was a multi-tenant application that relied on the xlcubed.com domain.
As this is being depreciated customers are encouraged to create their own App Registration in their Azure tenant, and configure their AnaplanXL web instances to use that. This document will explain how to do that.
You need an Azure admin with permission to create an App registration to do this.
App registration
- Go to the App registrations screen and click "New registration"
- Configure basic settings
- Give the App a name that will be meaningful to your users
- Add a Web Redirect URI to your instance(s) of AnaplanXLWeb
- This is the URI of your web server followed by /SSOToken.html
- I am using a test instance on my local machine I can reach at http://localhost/xlcubedweb so I use http://localhost/xlcubedweb/SSOToken.html.
- Authentication
- Click Manage -> Authentication
- Check the box for ID tokens and press Save
- Client secret
- Click Manage -> Certificates & secrets
- Click New client secret
- Give the secret a name and choose the expiry
- If the secret expires you must create a new secret and update the web configuration to use it. (This is covered later)
- Copy the secret as you will need it later
- Permissions
- Click Manage -> API permissions
- Microsoft Graph is automatically configured for you and should be left as-is.
- Click Add a permission
- You can now pick the permissions you require based on the data source you want to connect to. If you select "APIs my organization uses" you can get a searchable list.
- When picking a permission you must choose from the Delegated permissions. These allow data access as the signed in user so that their permissions are correctly applied. Granting the App registration permission means it can access the data on behalf of the user, it will not grant them additional permissions to data they cannot normally access.
- Commonly used permissions are:
- Azure Analysis Services – Model.ReadWrite.All
- Allows users to connect to Azure SSAS and query the data in the cubes
- Azure Analysis Services – Model.ReadWrite.All
- Commonly used permissions are:
- Power BI – Dataset.Read.All and Workspace.Read.All
- Allows users to view workspaces and data sets, and to run queries against them.
- Power BI – Dataset.Read.All and Workspace.Read.All
- Azure SQL Database – user_impersonation
- Allows users access to Azure SQL databases.
- Azure SQL Database – user_impersonation
Once you have selected the API permissions you want the App registration is complete.
