-
Notifications
You must be signed in to change notification settings - Fork 2
Azure Active Directory
Every tenant that you want to have a dashboard for needs to be configured with your application getting access to the Power BI Service. This is done through the Azure Portal. Pre requisite of this is that the tenant already has an Azure subscription and an active directory set up and also that Power BI has been set up for the organization. This document does not describe this process.
Start by navigating to the Active Directory feature in the Azure Portal: ![](Azure Active Directory Images/1.png)
Navigate to the Applications setting tab: ![](Azure Active Directory Images/2.png)
In the bottom toolbar, Add an application: ![](Azure Active Directory Images/3.png)
Select that you are adding an application your organization is developing: ![](Azure Active Directory Images/4.png)
Name the application: ![](Azure Active Directory Images/5.png)
Set up the URLs - the sign-on URL is the URL that will be redirected to for the OAUTH process when you're authorizing the app. The App ID URI is related to the domain in Active Directory. Both these URLs can be changed later. In addition, you can add more than one sign-on (Reply) URL later, which you might want to do with regards to when you're developing it. This URL must be the same being used when authenticating - if this is wrong and you use a URL when authenticating that is not registered, authentication will fail. ![](Azure Active Directory Images/6.png)
After you've created the application, navigate to the Configure tab: ![](Azure Active Directory Images/7.png)
Scroll down to the Client ID part - this is important and will be needed for authentication. ![](Azure Active Directory Images/8.png)
Add a Client Secret key under Keys, for instance set it to 2 years expiration: ![](Azure Active Directory Images/9.png)
The Client Key gets visible after you save the application: ![](Azure Active Directory Images/10.png)
As mentioned, you can add a second or more URLs for valid Reply URLs: ![](Azure Active Directory Images/11.png)
Under permissions to other applications, we want this application to have access to Power BI: ![](Azure Active Directory Images/12.png)
Find Power BI Service in the list and add it: ![](Azure Active Directory Images/13.png)
In the delegated permissions dropdown, select all the permissions: ![](Azure Active Directory Images/14.png)
You now have your tenant set up. Save it and use the Client ID and Client Secret in your application to try to authenticate.