Skip to content

Create Azure Resources for Self Hosted Advanced Analytics

This section guides you through the provisioning and configuration of the Azure resources in the customer tenant which are required to set up Advanced Analytics.

Disclaimer

Please note that this is a guideline, and the setup will still need to be verified by your company security board to ensure your company standards and policies have been adhered to. IFS takes no responsibility for any data breach for any artifact hosted outside of the IFS domain.

Prerequisites

  • An Azure Subscription in the customer tenant
  • Privileges to create a Power BI Workspace
  • Privileges to link workspaces to the Power BI Embedded Capacity
  • In case of reports that are running in live connection to Azure Analysis Services (AAS) mode, a configured AAS.

Create a Service Principal

Follow the steps below to create a service principal.

Note

Azure is not a service maintained by IFS, the steps may have since changed. When in doubt, please refer to the documentation on Microsoft Learn.

  1. First, you should navigate to the App Registrations page on the Azure Portal.

  2. Then, click on New Registration.

  3. Now, you should fill in the following form displayed.

    App Registration Form

  4. Finally, click on the Register button.

  5. Once the App Registration is completed, click on Certificates & secrets.

  6. Click on New client secret.

    Certificates and Secrets

  7. Fill in the required information.

Note

Remember to save the secret information as it must be submitted to IFS or to be included in the yaml file.

New Client Secret

Note

If you intend to create Power BI reports using a live connection to AAS, this Service Principal must be given access to all required resources on the AAS instance.

Setting up Power BI Embedded solution when connecting Azure BI Infrastructure to Cloud/Remote

This section provides details on what relevant details to fetch from Azure portal after the App registration process.

IFS service center form - for Advanced Analytics Corresponding value
App registration client ID linked to the Service 1. Application (client) ID from App registrations page
Azure Tenant ID 2. Directory (tenant ID) from App registrations page
Azure AD SPN Object ID 3. Object ID from the Enterprise Application page
Azure AD SPN Client Secret value Certificates & Secrets (as noted above)

App Registration:

Enterprise Application:

Read more about connecting Azure BI Infrastructure to IFS Cloud.

Scenario 2:

Note

During an App registration process, these two objects are created: Application and Service Principal. In the custom values yaml file, the Object ID needs to have the value from the Enterprise Applications page (object type= Service Principal). Service Principals can be listed in Enterprise Applications.

Read more about connecting Azure BI Infrastructure to IFS Cloud Remote..

Create a group that will be allowed to call the Power BI APIs

This group contains the Service Principal you created in the section above.

  1. Navigate to the Groups page on the Azure Portal.

  2. Select New Group.

  3. Fill in the form displayed below.

    New Group

  4. Add the Service Principal from the previous step to the owners of this group. Then this can be used to add additional users/service principals.

Add New Owner

Add the new group to the list of groups that are allowed to use the Power BI APIs

  1. Navigate to the Admin portal of Power BI.

  2. In Developer settings, enable the setting that says Allow service principals to use Power BI APIs.

    Allow Service Principals

  3. From the radio buttons, select Specific security groups.

  4. Add the group created in the section above.

  5. Finally, click on the Apply button.

Create a Power BI-embedded Capacity

Follow the steps below to create a Power BI Embedded Capacity.

Note

Azure is not a service maintained by IFS, the steps may have since changed. When in doubt, please refer to the documentation on Microsoft Learn.

  1. Navigate to the Power BI Embedded page on the Azure Portal.

  2. Fill out the following form.

    Create Capacity

  3. Finally, click on the Review + Create button.

Create a new Power BI Workspace

  1. Go to Power BI.

  2. Expand workspaces.

    Workspace Menu

  3. At the bottom of the expanded menu, click the New workspace button.

    New Workspace Button

  4. Provide a name for the new workspace.

  5. Click on the Advanced button.

  6. For the License mode, select Embedded.

  7. Specify the Power BI Embedded capacity created in the previous section.

  8. Click on the Save button.

Configure Workspace

Give the Service Principal Access to the Workspace

  1. Go to Power BI.

  2. Open the workspace that was created using the steps outlined in the section above.

  3. Click on the Access tab.

    Access

  4. Type the name of the Service Principal created in the section above.

  5. Select Admin as role.

    Admin Role

  6. Finally, click on the Add button.