This procedure will explain, in four steps, how to create a Single Tenant Azure AD application.
This will allow UpSlide to connect only to your Office 365 tenant. Once the app registration is complete, please send us the application client ID, your subscription (tenant) ID, as well as the configured reply URL.
Create the Azure AD Application
- Connect to Azure Portal using Tenant Administrator rights and go to Azure Active Directory.
- Go to App Registration and click on New Registration.
- Set a name for your Azure AD Application, and make sure that the Supported account type is set to “Accounts in this organizational directory only”
Customize the Azure AD Application
- On the Azure AD App page, save the Application (client) ID and Directory (tenant) ID (you will need to provide both to us), then click on Authentication.
- Set a Redirect URL like below:
- This URL will never be used so it does not need to target a real working URL, but it is needed to set AAD App to Client mode. We will need this information to setup the link on our side.
- Set the default Client type to "public client" (this allows UpSlide not to have a server running locally to handle the authentication)
Add needed permissions
Go to your Azure AD Application and go to API Permissions, then click on Add a permission
Select the following in Power BI Service -> Delegated Permissions:
- Workspace > Workspace.Read.All
- Report > Report.Read.All
- Dashboard > Dasboard.Read.All
- Click on Add permissions to validate the selection.
Grant consent for the whole tenant
In the API permission page, click on "Grant admin consent for ..."
This will redirect you to a consent page (you may be prompted to login). You will find the list of permissions previously added, and you will be able to grant the consent for your organization.