🔬
EmbedFAST: Technical Documentation
  • EmbedFAST: Technical Documentation
  • Version updates
    • Version 2.0
  • Redeploying for version updates
  • Setting up
    • Prerequisites
      • Set up Power BI
      • Set up Azure
      • Install PowerShell modules
      • Install Azure CLI
      • Install Bicep CLI
      • Set up the Integrated Development Environment (IDE)
    • Pre-deployment
      • App registration for EmbedFAST API Auth
        • Create an app registration
        • Add API permissions
        • Add a scope
        • Create an app role
      • App registration for Power BI Service
        • Create an app registration
        • Add API permissions
          • Microsoft Graph
          • Power BI Service
        • Power BI capacity administrator
      • Microsoft Entra security group
      • Power BI Tenant settings
      • Capacity settings
    • Deployment
      • Deploy from Azure Marketplace
      • Manual deployment
    • Post-deployment
      • Add the redirect URIs
      • Assign admin roles
      • Generate a token using Postman
        • App + user token
        • App-only token
      • Launch the web app
  • RESOURCES
    • EmbedFAST architecture
    • User API documentation
      • Asset
        • Asset - Retrieves assets
      • Bookmark
        • Bookmark - Retrieves bookmarks for a specific report
        • Bookmark - Creates a bookmark for a report
        • Bookmark - Retrieves details of a specific bookmark
        • Bookmark - Updates a bookmark's details
        • Bookmark - Deletes a bookmark for a report
        • Bookmark - Retrieves bookmarks for a report
        • Bookmark - Creates a shared bookmark for a report
        • Bookmark - Removes user access from a bookmark
      • Branding Detail
        • Branding Detail - Retrieves branding-related details
      • Dashboard
        • Dashboard - Retrieves a list of dashboards
        • Dashboard - Retrieves details of a specific dashboard
        • Dashboard - Deletes a dashboard by its ID
      • Dataset
        • Dataset - Retrieves a list of datasets
        • Dataset - Retrieves details of a dataset by its ID
        • Dataset - Deletes a dataset by its ID
      • Embed Token
        • Embed Token - Generates an embed token for reports
        • Embed Token - Generates an embed token for a dashboard
        • Embed Token - Generates an embed token for creating datasets
        • Embed Token - Generates an embed token for all assets
      • Export
        • Export - Retrieves the status of export-related details for a report
        • Export - Initiates the export process of a report
        • Export - Provides a downloadable stream for a report
        • Export - Provides a downloadable report with a specified filename
        • Export - Retrieves details of previous exports
      • Report
        • Report - Retrieves a list of reports or paginated reports by type
        • Report - Retrieves details of a specific report by ID
        • Report - Clones a report by ID with provided details
        • Report - Deletes a Power BI report by ID
        • Report - Saves a Power BI report by ID into the application
        • Report - Retrieves a list of shared or paginated reports for the user
        • Report - Shares a report with a user
        • Report - Retrieves users for sharing a report
        • Report - Un-shares a report with a user
      • Report Subscription
        • Report Subscription - Retrieves subscriptions by report by ID
        • Report Subscription - Creates a subscription by report ID
        • Report Subscription - Updates a subscription
        • Report Subscription - Deletes a subscription
        • Report Subscription - Sends an email for a subscription
      • Theme
        • Theme - Retrieves themes for a tenant
        • Theme - Retrieves details of a theme for a tenant
      • User Detail
        • User Detail - Retrieves users for a tenant
        • User Detail - Updates current user preferences
    • Admin API documentation
      • Branding Detail
        • Branding Detail - Retrieves brand details
        • Branding Detail - Creates brand details
        • Branding Detail - Updates brand details
        • Branding Detail - Deletes brand details
      • Capacity
        • Capacity - Retrieves a list of capacities
        • Capacity - Retrieves capacities for a resource group
        • Capacity - Starts a paused capacity
        • Capacity - Pauses a running capacity
        • Capacity - Assigns a capacity to a tenant
        • Capacity - Unassigns a capacity from a tenant
        • Capacity - Refreshes capacities for all tenants
        • Capacity - Refreshes capacities for a specific tenant
      • Clean Up
        • Clean Up - Cleans up old and unnecessary database entries
      • Group
        • Group - Retrieves groups for a tenant
        • Group - Creates a group for a tenant
        • Group - Retrieves details of a group for a tenant
        • Group - Updates a group for a tenant
        • Group - Deletes a group for a tenant
        • Group - Retrieves users for a group
        • Group - Removes users from a group
        • Group - Adds users to a group
        • Group - Retrieves assets for a group
        • Group - Revokes access to assets for a group
        • Group - Assigns access to assets for a group
        • Group - Updates access permissions for an asset in a group
      • Role
        • Role - Retrieves roles from the system
        • Role - Creates a new role
        • Role - Updates an existing role
        • Role - Deletes a role by ID
      • Tenant
        • Tenant - Refreshes asset details for a tenant
        • Tenant - Retrieves asset details for a tenant
        • Tenant - Retrieves a list of tenants
        • Tenant - Creates a new tenant
        • Tenant - Retrieves details of a tenant
        • Tenant - Updates the name of a tenant
        • Tenant - Deletes a tenant
        • Tenant - Retrieves users for a tenant
        • Tenant - Updates the default theme for a tenant
        • Tenant - Onboards a workspace as a tenant
        • Tenant - Onboards users to a tenant
        • Tenant - Retrieves available workspaces for onboarding
        • Tenant - Checks tenant name availability
        • Tenant - Checks updated tenant name availability
        • Tenant - Binds a dataset to a report for a tenant
        • Tenant - Retrieves a tenant's bound report and dataset
        • Tenant - Retrieves a list of a tenant's bound reports and datasets
        • Tenant - Retrieves users with tenant-level roles
        • Tenant - Assigns tenant-level access to a user
        • Tenant - Updates tenant-level user access
        • Tenant - Revokes tenant-level user access
        • Tenant - Retrieves user details for onboarding
        • Tenant - Adds report parameters to a report
        • Tenant - Updates report parameters for a report
        • Tenant - Deletes report parameters from a report
        • Tenant - Refreshes a dataset
      • Theme
        • Theme - Retrieves a list of themes for a tenant
        • Theme - Creates a new theme
        • Theme - Retrieves details of a theme by ID
        • Theme - Updates a theme by ID
        • Theme - Deletes a theme by ID
        • Theme - Assigns themes to a tenant
        • Theme - Unassigns themes from a tenant
        • Theme - Duplicates a theme with a new name
      • Trace
        • Trace - Records trace information
      • User
        • User - Retrieves user details by ID
        • User - Deletes a user
        • User - Retrieves a list of users with filters
        • User - Creates a new user with assigned assets
        • User - Assigns assets and a tenant to a user
        • User - Updates a dynamic dataset for a user
        • User - Deletes a dynamic dataset for a user
        • User - Revokes assets and tenant from a user
      • Workspace
        • Workspace - Retrieves users with workspace access
        • Workspace - Adds a user to a workspace
        • Workspace - Updates user access to a workspace
        • Workspace - Revokes user access from a workspace
    • Free app upgrades/updates
    • Best practices for resource handling
    • FAQ
Powered by GitBook
On this page
  • Load the Bicep and PowerShell files to Visual Studio Code
  • Open a terminal window
  • Execute the PowerShell script while bypassing the execution policy
  • Enter your subscription ID
  • Enter your tenant ID
  • Log into Azure through the PowerShell pop-up window
  • Enter your resource group name
  • Enter your application name
  • Enter the SKU Name
  • Enter your client ID
  • Enter your service principal client ID
  • Enter your service principal object ID
  • Enter your service principal name
  • Enter your service principal client secret
  • Other details
  • Resource Deployment Options
  • Option 1: Deploy all resources in one go
  • Option 2: Deploy resources one by one
  • Option 3: Publish SDK Build to WebApp one by one
  • Option 4: Perform Post Deployment Operation.
  • Option 5: Validate Resources
  1. Setting up
  2. Deployment

Manual deployment

PreviousDeploy from Azure MarketplaceNextPost-deployment

Last updated 8 months ago

The deployment steps detailed below are intended for manual/local deployment via Bicep. The steps for Azure Marketplace deployment can be found .

Load the Bicep and PowerShell files to Visual Studio Code

Follow the steps detailed below to deploy the app through bicep deployment, where a PowerShell script is run.

  1. Download the .

  2. Extract the folder and open it in Visual Studio Code (VS Code). The loaded files should look like this:

Open a terminal window

From the top menu bar, select Terminal -> New Terminal to access the PowerShell terminal window.

Execute the PowerShell script while bypassing the execution policy

This step is required to bypass an execution policy that doesn't allow the ZIP file to work with the PowerShell scripts.

  1. Execute command “powershell -ExecutionPolicy Bypass -File ".\Master.ps1"” in the terminal. This command will execute a PowerShell script named "Master.ps1" while bypassing the execution policy.

  2. The system will display a variety of prompts. Provide the information as requested. More details regarding the prompts are provided below.

Enter your subscription ID

Follow the steps below to find your subscription ID:

  3. Copy the subscription ID as shown below.

  4. In the PowerShell terminal, paste/enter the subscription ID from the previous step.

  5. After completing one prompt, another will enter. In this case, it will now prompt you to enter your tenant ID.

Enter your tenant ID

Navigate to your Azure Active Directory --> Overview and copy the tenant ID as shown below. Paste/enter the ID into the PowerShell terminal.

Log into Azure through the PowerShell pop-up window

Log into Azure (with the account used in the previous steps).

Enter your resource group name

Follow the steps below to find the name of your resource group:

  1. Type “Resource groups" in the search bar of the Azure home page and select said option as it appears.

  3. Find the name of your resource group at the top left corner of your page.

  4. Enter the resource group name in the PowerShell terminal like the previous steps.

Enter your application name

Create and enter a name for your application. The names for all underlying Azure resources will be based on this application name. For example, if you want to deploy a web app for admin, it will be deployed as admin-<YourAppName>-web-app.

Enter the SKU Name

Enter your client ID

This client ID is obtained from the overview page of the app registration previously created for the EmbedFAST API as part of the pre-deployment steps. Follow the steps below to find your client ID:

  1. Click on Owned applications to see a list of applications you registered, including the ones for the API and Power BI Service done in the pre-deployment steps.

  1. Next to the Display name column is the Application (client) ID column which contains the information needed. Find the application registration created for the EmbedFAST API on the list and note down its client ID.

  2. Alternatively, clicking the app's name takes you to its summary page where you can also find the client ID and copy it directly to your clipboard.

Enter your service principal client ID

This application ID is obtained from the overview page of the app registration previously created for the Power BI Service as part of the pre-deployment steps.

Note:

Enter your service principal object ID

The object ID is obtained from the enterprise application created for the Power BI Service, which is created by default once we create an app registration for it. Follow the steps below to find the ID:

  1. Search for the name of the app registration created for Power BI Service in the search bar. Your enterprise application will be under the same name.

  2. Click on the application's name to access its details page.

  3. Copy the object ID from the Object ID field displayed on the application details page, as shown below.

Enter your service principal name

Enter your service principal client secret

Follow the steps below to create a client secret:

Note: The client secret will only be visible at the time of creation. Take note of it and store it securely for future use for whenever the client secret is required.

  2. Search for the application created for the Power BI Service once on this page.

  3. Click on the application's name to access its details page.

  4. Select Certificates & secrets (under Manage) from the left pane.

  1. Click on New client secret to create a client secret.

  1. Click on Add to add a client secret. Enter a description and select when the secret expires.

  1. Copy the value of the newly created client secret as shown below.

Reminder: Take note of the client secret and store it securely for future use for whenever it is required. The client secret is only visible at the time of creation and will NOT be visible again.

Other details

  • Enter the sender email: Provide an email address. This email will be used for sending subscription emails to other users.

  • Enter the sender email password: Provide the password for the email address provided in the previous step.

  • Enter the SQL admin login username: Provide the username you use for logging into the database as a SQL Admin.

  • Enter the SQL admin login password: Provide the password for the username login provided in the previous step.

Resource Deployment Options

After entering a database login password, a menu displaying various options to deploy resources to Azure will appear.

Option 1: Deploy all resources in one go

  • A pre-run validation function will be triggered to validate that will perform the resources (check for any existing resources with the same name already exists).

  • This option will initiate the deployment of all the resources one by one in a sequential manner, as outlined below.

  • The code imports multiple module files to deploy different Azure resources:

    • The ‘SQLDB’ module will deploy SQL DB using SQL Script.

    • The ‘FunctionApp’ module deploys a function app to Azure using the provided parameters.

    • The ‘AdminWebApp’ module deploys an admin web app application using the provided parameters.

    • The ‘AdminAppInsights’ module deploys application insights for the admin web app application, with a dependency on the ‘AdminWebApp’ module.

    • The ‘WebApp’ module deploys a user web application using the provided parameters.

    • The ‘UserAppInsights’ module deploys application insights for the user web application, with a dependency on the ‘WebApp’ module.

    • The ‘KeyVault’ module deploys a key vault, with dependencies on both the ‘AdminWebApp’ and ‘WebApp’ modules.

    • The ‘blob’ module deploys a blob storage resource.

    • The ‘Role’ module will provide access to all the webapps and function app to blob storage.

    • The code includes output variables ‘AdminWebAppObjectId’ and ‘UserWebAppObjectId’ that capture the object IDs of the deployed web applications.

Option 2: Deploy resources one by one

  • On selecting option 2, a pre-run validation function will be triggered to validate that will perform the resources (check for any existing resources with the same name already exists).

  • A menu displaying the available deployment options numbered from 1 to 8 will appear. You are prompted to enter an option:

  • For options 1 to 6, a Bicep script is executed to deploy Azure resources. The code utilizes the ‘New-AzResourceGroupDeployment’ cmdlet to deploy resources according to the selected option. It uses a Bicep template and parameter files to configure the deployment.

    • Option 1: Azure SQL Database with bacpac

      • This option initiates the deployment of an Azure SQL Database using a bacpac file.

    • Option 2: Azure Web Application & Azure Key Vault:

      • Selecting this option initiates the deployment of an Azure Web Application and an Azure Key Vault.

    • Option 3: Admin Azure App Insights:

      • This option triggers the deployment of Azure Application Insights for the Admin web application.

    • Option 4: User Azure App Insights:

      • Selecting this option initiates the deployment of Azure Application Insights for the user web application.

    • Option 5: Azure blob storage:

      • This option deploys the Azure Blob Storage.

    • Option 6: Azure Role Based Access for connection between WebApp, KeyVault and Blob.

      • A role resource deployment is initiated. The code performs necessary actions to deploy roles that require admin access.

  • If option 7 is selected, it allows the you to go back to the previous menu.

  • If option 8 is selected, you will exit the program.

Option 3: Publish SDK Build to WebApp one by one

  • On selecting option 3, a menu with the following options will appear where you are prompted to enter a selection. You should select the options in order as per the numbering:

    • Option/step 1: The code initiates the publishing process for the admin web application. It uses the ‘Publish-AzWebApp’ cmdlet to publish the build from the specified archive path to the admin web application.

    • Option/step 2: The code initiates the publishing process for the build to the function application.

    • Option/step 3: The code initiates the publishing process for the build to the web application.

    • Option/step 4: It takes you back to the main menu.

    • Option/step 6: The code exits the program.

    • For any other invalid option: An error message is displayed, indicating that an invalid value was provided.

Option 4: Perform Post Deployment Operation.

This option will:

  • Add your client IPv4 address to Set Server Firewall.

  • Grant the necessary permissions to the service principal app registration on the Database. It will give admin access on the Database created.

  • Add the Power BI App Service principal as an external Azure AD user.

Option 5: Validate Resources

A pre-run validation function will perform resource validation. This function is designed to be used before executing a run, primarily to ensure the availability or correctness of any required resources with the same name that have been previously deployed.

Type “Subscriptions" in the search bar and select said option as it appears.

Once on the page, you will see a list of subscriptions displayed. Select the subscription used /you want to deploy your resources to.

Once on the page, you will see a list of resource groups displayed. Select the resource group that you have created /want to deploy your resources to.

Choose an that fits your needs. Example inputs: B1, B2, S1, S2, etc.

Type “App registrations" in the search bar and select said option as it appears.

You can follow steps 1-3 to obtain your service principal application ID for the Power BI Service. After step 3, find the application registration created for the Power BI Service on the list and note down its client ID.

Type "Enterprise applications" in the search bar and select said option as it appears.

On the same page where the was obtained from, you can find the name of your service principal at the top left corner of your page.

Navigate to the App registrations page as shown in the step.

Azure portal
earlier
earlier
SKU
Azure portal
Azure portal
detailed above
object ID
Enter your subscription ID
here
PowerShell files