Create an app registration for the LoadFAST API

Follow the steps below to create and configure an app registration for the EmbedFAST API. This is needed for authentication/authorization purposes.

Create an app registration

To create an app registration, you must have one of the following Microsoft Entra roles:

• Global Administrator

• Cloud Application Administrator

Note: A Global Administrator is typically the person who signs up for the Microsoft Entra ID tenant. View the guide on assigning Microsoft Entra roles to users for more information.

1. Log into the Azure portal.

2. Type “Microsoft Entra ID" in the search bar and select said option as it appears.

   
3. Select App registrations (under Manage) from the left pane and click on New registration. This will take you to the Register an application page.

   

   
4. Enter an application name in the Name section. We have named it PowerBILoadAnalyzer, and will refer to it as such throughout the documentation.

5. Under the Supported account types section, select one of these options:

   • Accounts in any organizational directory (------ only - Single tenant) option (in our example, the "------" is MAQ Software, but this blank should have the name of your tenant instead).

   • Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) option.

   Note: Either option will work. The choice between them depends on factors such as organizational policies, preference, etc.

6. Click on Register to create the application.

7. After the app registration is created, you will see a summary page listing the details of your application.

   Note: Note down the display name, application (client) ID, and directory (tenant) ID. These details will be required as part of the set up process.

1. Select Manifest (under Manage) from the left pane to modify the JSON Representation as follows:

1. Set the “allowPublicClient” property to true.

2. Set the “oauth2AllowIdTokenImplicitFlow” property to true.

3. Click on Save after the 2 changes are made.

Add Microsoft Graph API permissions

1. Select API permissions from the left pane of the app registrations overview page.

   
2. Click on Add a permission on the API Permissions page.

3. A menu titled Request API permissions will appear on the right side.

   
4. Click on Microsoft Graph.

   
5. Click on Delegated permissions.

   
6. Scroll to the bottom to the User section and expand the drop-down menu.

7. Select the User.Read permission shown below:

   
8. Click on Add permissions to confirm the changes.

Add Power BI Service permissions

1. Click on Add a permission on the API Permissions page to open the Request API Permissions menu.

   
2. Select Power BI Service. You may need to scroll down on the menu to view this option.

   
3. Click on Delegated permissions.

   
4. Scroll to the Dataset, Report, and Workspace section and expand their drop-down menus.

5. Select the permissions detailed below:

   

   • Dataset -> Dataset.Read.All

   • Report -> Report.Read.All

   • Workspace -> Workspace.Read.All

6. Click on Add permissions to confirm the changes.

Create a client secret

Create a client secret for the app registration created earlier by following the steps detailed below:

Note: The client secret will only be visible at the time of creation. Take note of it and store it securely for future use for whenever the client secret is required.

1. Type “App registrations" in the Azure portal search bar and select said option as it appears.

   
2. Click on Owned applications to see a list of applications you registered. Search for the application you created earlier.

   
3. Click on the application's name to access its details page.

4. Select Certificates & secrets (under Manage) from the left pane.

1. Click on New client secret to create a client secret.

1. Enter a description and select when the secret expires. Click on Add to add the client secret.

1. Copy the value of the newly created client secret as shown below. This value is required to deploy the tool.

Reminder: Take note of the client secret and store it securely for deployment and future use for whenever it is required. The client secret is only visible at the time of creation and will NOT be visible again.

If the secret is lost another one will have to be created.

Create an app role

1. Select App roles from the left pane of the app registrations overview page.

   
2. Click on Create app role.

   
3. Populate the fields and options as shown below and click on Apply.

   

Field	Input parameter
Display name	Admin
Allowed member types	Users/Groups
Value	PBILoad.Admin
Description	Admins will have the capability to access admin features inside the tool.

Note: Ensure the value field is filled exactly as "PBILoad.admin".

The admin feature of the tool will not work otherwise as the tool's code checks specifically for the "PBILoad.admin" value. Without it, the user is unable to access the admin view of the tool.