TABLE OF CONTENTS
Application Registrations
Two app registrations need to be created. One for analytics API, another for analytics UI. Following sections shows how to do that.
Set up API app registration
We need to complete following steps to setup analytics API app registration.
Step-1: Create API app registration
1. Go to App registrations in your Azure Entra ID
2. Click on "New registration"
3. Enter a name for the application, and "Accounts in this organizational directory only".
Step-2: Create application roles
We need to add the following roles in API app registration. Please make sure to use exact same values (case sensitive).
| Display name | Value | Description |
|---|---|---|
| Admins | Administrator | Can read/write data and add Metadata and Metadata Fields/Values |
| Writers | DataWriter | Can write data to Ilap Analytics but cannot modify Metadata and Metadata Fields/Values |
| Readers | DataReader | Can read data from Ilap Analytics. Writing is not permitted |
To add role, please follow the steps below:
1. From API app registration page, click "App roles" from left menu.
2. Click on "Create app role". Add the Admins role
3. Add the Writers role
4. Add the Readers role
Step-3: Expose API
For Api, you need to expose an Api so that we can authenticate to it from the corresponding UI app registration. Go to the Expose API section from the left menu (or simply just search it)
1. add an Application ID URI by clicking on "Add" to the right of the "Application ID URI" in the screen shot below
2. Just keep the default value. And hit save.
3. Now, click on "Add scope"
Add a "user_impersonation" scope as shown below. Make sure you select the option Admins and users on the section "who can consent".
5. Add a "read" scope as shown below. Make notes about the scopes that you defined as these are required when configurating the Web application later
6. Now, add graph API permissions. From left menu, click "Api permissions" and then click Microsoft Graph. For permissions, select email and profile.
7. Finally, grant admin consent (You need to have either Global Admin or Privileged Role Admin role to do this.)
Step-4: Add users to the application
To permit users to access the applications, we need to add them as groups/users in the Enterprise Applications. You will find the same application name here as in the app registrations. Access is granted on the Api applications only.
1. Search for "ilap analytics api" application as shown below
2. Click on the applications to open it and select "users and groups" from the menu to the left.
3. Then you can click "Add user/group" as shown below.
4. Select which users to add from the user list and click "Select". (Alternatively, you can select existing group from group tab. Your users should be part of that group.)
5. Select which application role for the selected users
6. Verify your selection and click "Assign"
7. The new users will now appear in the list with the assigned role as shown below
Set up UI app registration
We need to complete following steps to setup analytics UI app registration.
Step-1: Create UI app registration
1. Go to App registrations in your Corporate Entra ID. Click on "New registration".
2. Enter a name for the application, and select "Accounts in this organizational directory only".
Make sure you keep the Redirect URI as "Single-page application" and enter the URL of your Web application as redirect URI. (If you are using custom domain for analytics API, then use custom domain URL (add '/api') here, instead of the default URL (i.e. URL that contains "
[api-app-name].azurewebsites.net/api"))
3. Click on "Add a platform"
4. Make sure to allow public client follow
The ClientID for application registrations are required to set up authentication from Web.ui and IlapAdapter Windows client. The ClientID is found from the Overview of the app registrations as shown in the figure below.
Make a note of the ClientID as it is required for setting up the applications.
Step-2: Application owners
You should register at least one application owner; some companies have as policy that at least two permanent employees be registered as owner.
Select "Owners" from the left menu and click on "Add owners" button as shown below
Select which users you would like to assign owner role to and click "Select" button as shown below
3. You should now see a list of owners for your app registration as shown below
Step-3: User permissions for APP
To authenticate users, app needs to access user's profile. Go to UI app registration.
1. From left menu, click on "Api Permissions", then click on "Add a permission". From "Microsoft APIs" select "Microsoft graph"
2. Then provide delegated permissions as shown below.
We need to provide API access to web app. So, go to UI app registration.
1. From left menu, click on "Api Permissions", then click on "Add a permission"
2. Then, from "APIs my organization uses" find the API you've just exposed from API registration
3. Now, provide delegated permission as shown below. This will allow UI app to access API on behalf of signed-in user
4. Now grant admin consent for your tenant. (You need to have either Global Admin or Privileged Role Admin role to do this.)
Step-5: Add desktop platform for IDE client
If you use analytics connector in IDE desktop client, where connector is using AD sign in, then you'll have to add a desktop platform in the same UI app registration. To do that follow the steps below:
1. Go to the UI app registration. From "Authentication" tab add new platform as shown in the picture
2. Then add the following redirect URI as shown in the image
Redirect url: http://localhost/oauth2/callback
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article