Create an app registration for the LoadFAST API
Follow the steps below to create and configure an app registration for the LoadFAST API. This is needed for authentication/authorization purposes.
Create an app registration
To create an app registration, you must have one of the following Microsoft Entra roles:
Global Administrator
Cloud Application Administrator
Log into the Azure portal.
Type “Microsoft Entra ID" in the search bar and select said option as it appears.
Select App registrations (under Manage) from the left pane and click on New registration. This will take you to the Register an application page.
Enter an application name in the Name section. We have named it PowerBILoadAnalyzer, and will refer to it as such throughout the documentation.
Under the Supported account types section, select:
Accounts in any organizational directory (------ only - Single tenant) option (in our example, the "------" is MAQ Software, but this blank should have the name of your tenant instead).
Click on Register to create the application.
After the app registration is created, you will see a summary page listing the details of your application.
Add Microsoft Graph API permissions
Select API permissions from the left pane of the app registrations overview page.\
Click on Add a permission on the API Permissions page.
A menu titled Request API permissions will appear on the right side.
Click on Microsoft Graph.\
Click on Delegated permissions.
Scroll to the bottom to the User section and expand the drop-down menu.
Select the User.Read and the User.ReadBasic.All permissions shown below:
Click on Add permissions to confirm the changes.
Add Power BI Service permissions
Click on Add a permission on the API Permissions page to open the Request API Permissions menu.
Select Power BI Service. You may need to scroll down on the menu to view this option.
Click on Delegated permissions.
Scroll to the Dataset, Report, and Workspace section and expand their drop-down menus.
Select the permissions detailed below:
Dataset -> Dataset.Read.All
Report -> Report.Read.All
Workspace -> Workspace.Read.All
Click on Add permissions to confirm the changes.
Create a client secret
Create a client secret for the app registration created earlier by following the steps detailed below:
Note: The client secret will only be visible at the time of creation. Take note of it and store it securely for future use for whenever the client secret is required.
Type “App registrations" in the Azure portal search bar and select said option as it appears.
Click on Owned applications to see a list of applications you registered. Search for the application you created earlier.
Click on the application's name to access its details page.
Select Certificates & secrets (under Manage) from the left pane.
Click on New client secret to create a client secret.
Enter a description and select when the secret expires. Click on Add to add the client secret.
Copy the value of the newly created client secret as shown below. This value is required to deploy the tool.
Reminder: Take note of the client secret and store it securely for deployment and future use for whenever it is required. The client secret is only visible at the time of creation and will NOT be visible again.
If the secret is lost another one will have to be created.
Create an app role
Select App roles from the left pane of the app registrations overview page.
Click on Create app role.\
Populate the fields and options as shown below and click on Apply. \
Field
Input parameter
Display name
Admin
Allowed member types
Users/Groups
Value
PBILoad.Admin
Description
Admins will have the capability to access admin features inside the tool.
Note: Ensure the value field is filled exactly as "PBILoad.Admin".
The admin feature of the tool will not work otherwise as the tool's code checks specifically for the "PBILoad.Admin" value. Without it, the user is unable to access the admin view of the tool.
Last updated