Skip to main content

Set Up Microsoft Azure API Application

Microsoft Azure allows you to create an app which you can use to sign in to connectors in Designer. The apps inherit the permissions of a user or you can limit the permissions even further. If you opt for a service principal, the permissions aren’t dependent on the user and the apps can access the data source resources without any user information. This will ensure that scheduled workflows will continue running even if, for example, the user who set them up leaves the company. Note that connectors require the users to sign in once even when they set up the connection to a service principal. See Application and service principal objects in Microsoft Entra ID for more information.

The app registration process is the same in both cases, but you can then choose to only grant permissions to the app or manage the service principal. See Overview of permissions and consent in the Microsoft identity platform to learn more about Delegated and Application permissions.

Dataverse requires an additional step of creating a user in Power Platform.

Register App

  1. Go to  Microsoft Azure.

  2. Sign in with your Microsoft Azure account.

  3. On the Home screen use Search, or go to the upper left corner menu to open the Microsoft Entra ID service.

  4. Select Manage and open App registrations in the left menu.

  5. Select + New registration.

  6. Enter the Name of the app.

  7. Choose desired account type – both Single tenant and Multitenant are allowed.

  8. In the optional Redirect URI part, select Web-page application (WPA) and enter the http://localhost/ URL.

    For older connector versions, refer to the table at the bottom of the page.Older Connector Versions

  9. Select Register.

    The Application (client) ID is your Client ID.

    The Directory (tenant) ID is your Tenant ID.

  10. Go to Certificates & secrets and add New client secret. Copy the Value as it won't be accessible again once you leave the page – this is your Client Secret.

Grant Permissions to App

Go to API permissions to add these Delegated permissions.

Connector

Delegated Permissions for App

ADLS

Azure Storage

  1. user_impersonationoffline_access

  2. user_impersonation

Dataverse

Microsoft Graph

  1. email

  2. offline_access

  3. openid

  4. profile

  5. User.Read

Dynamics CRM

  1. User_impersonation

Outlook 365

Microsoft Graph

  1. email

  2. openid

  3. offline_access

  4. profile

  5. User.Read

  6. User.ReadBasic.All

  7. User.ReadWrite

  8. Mail.Read

  9. Mail.ReadWrite

  10. Mail.ReadWrite.Shared

  11. Calendars.ReadWrite

  12. Calendars.ReadWrite.Shared

OneDrive

Microsoft Graph

  1. email

  2. offline_access

  3. openid

  4. profile

  5. Files.ReadWrite.All

  6. User.Read

Power Automate

Flow Service

  1. User

  2. Activity.Read.All

  3. Approvals.Manage.All

  4. Approvals.Read.All

  5. Flows.Manage.All

  6. Flows.Read.All

  7. Flows.Read.Plans

  8. Flows.Write.Plans

Power BI Output

Microsoft Graph

  1. Offline_access

  2. Openid

  3. User.Read

  4. email

  5. profile

Power BI Service

  1. Dataset.ReadWrite.All

  2. Workspace.Read.All

SharePoint

To maintian full functionality, add all of these permissions.

For SharePoint Files:

Microsoft Graph

  1. email

  2. offline_access

  3. openid

  4. profile

  5. User.Read

  6. Files.ReadWrite.All OR Files.Read.All

  7. Sites.Read.All

For SharePoint Lists:

SharePoint

  1. AllSites.Manage

  2. AllSites.Read

  3. AllSites.Write

  4. Sites.Search.All

Now you can use this app in the connector. To authenticate login, you will need your User Name, Password, Client ID, and Client Secret ID and Tenant ID provided with application registration.

For more information, visit Microsoft portal.

Manage Service Principal

Note

These permissions are required only for Service Principal.

Go to API permissions to add these Application permissions.

Connector

Application Permissions

Dataverse

Microsoft Graph

  1. Files.Read.All

  2. Files.ReadWrite.All

  3. Sites.Read.All

OneDrive

Microsoft Graph

  1. Files.Read.All

  2. Files.ReadWrite.All

  3. Sites.Read.All

Outlook 365

Microsoft Graph

  1. Calendars.ReadWrite

  2. Mail.ReadWrite

  3. User.Read.All

Power Automate

Not applicable.

Power BI Output

See Power BI Service Principal.

SharePoint

Microsoft Graph

  1. Sites.Selected

    Visit the Alteryx Community for more details.

AND/OR

SharePoint

  1. AllSites.Manage

  2. AllSites.Read

  3. AllSites.Write

  4. Sites.Search.All

Now you can use this app in the connector. To authenticate login, you will need your User Name, Password, Client ID, and Client Secret ID and Tenant ID provided with application registration.

For more information, visit Microsoft portal.

Power BI Service Principal

To use the custom API application...

  1. Create an Azure security group and add the Power BI app registration (service principal) to it.

  2. In the Power BI Admin Portal, go to Tenant Settings & Developer Settings. Turn on the option to Allow service principals to use Power BI APIs and add the security group under Apply to.

  3. Add the Power BI app registration to your workspace access as a member. For more details, see the Power BI documentation.

Create User in Power Platform

Create a user for your Dataverse app in Power Platform and add a security role:

  1. Go to Power Platform admin center.

  2. Select an environment.

  3. Select Settings. In Users + permissions, select Application users.

  4. Select New app user.

  5. Select Add an app and select your app.

  6. Select a Business unit.

  7. In Security roles, select an applicable role.

  8. Select Create.

Select these options and enter these URLs for older connector versions when you set up a custom API application.

Connector and version

Dropdown option

URLs

OneDrive version 2.0.2 and earlier

Single-page application (SPA)

https://cef.alteryx.com/designer/oauthcallback

https://login.live.com/oauth20_desktop.srf

Outlook 365 version 1.0.0

Power BI Output version 3.1.0 and earlier

SharePoint Files version 1.1.1 and earlier