Skip to main content

Set Up Microsoft Azure API Application

Microsoft Azure allows you to create an app which you can use to sign in to connectors in Designer. The apps inherit the permissions of a user or you can limit the permissions even further. If you opt for a service principal, the permissions aren’t dependent on the user and the apps can access the data source resources without any user information. This will ensure that scheduled workflows will continue running even if, for example, the user who set them up leaves the company. Note that connectors require the users to sign in once even when they set up the connection to a service principal. See Application and service principal objects in Microsoft Entra ID for more information.

The app registration process is the same in both cases, but you can then choose to only grant permissions to the app or manage the service principal. See Overview of permissions and consent in the Microsoft identity platform to learn more about Delegated and Application permissions.

Dataverse requires an additional step of creating a user in Power Platform.

Register App

  1. Go to  Microsoft Azure.

  2. Sign in with your Microsoft Azure Active Directory account.

  3. On the Home screen use Search, or go to the upper left corner menu to open the Azure Active Directory service.

  4. Open App registrations in the left menu.

  5. Select + New registration.

  6. Specify the Name of the app.

  7. Choose desired account type – both Single tenant and Multitenant are allowed.

  8. In the optional Redirect URI part, select Web-page application (WPA) and enter the http://localhost/ URL.

    For older connector versions, refer to the table at the bottom of the page.

  9. Select Register.

    The Application (client) ID is your Client ID.

    The Directory (tenant) ID is your Tenant ID.

Grant Permissions to App

Go to Client credentials and add New client secret. Copy the Value as it won't be accessible again once you leave the page - this is your Client Secret.

Go to API permissions to add these Delegated permissions.

Connector and Version

Delegated Permissions

ADLS

Azure Storage

  1. user_impersonation

  2. offline_access

Dataverse

Microsoft Graph

  1. offline_access

  2. openid

  3. User.Read

  4. email

  5. profile

Dynamics CRM

  1. User_impersonation

OneDrive

Microsoft Graph

  1. Files.ReadWrite.All

  2. offline_access

  3. openid

  4. User.Read

  5. email

  6. profile

Outlook 365

Microsoft Graph

  1. openid

  2. offline_access

  3. profile

  4. email

  5. User.Read

  6. User.ReadBasic.All

  7. User.ReadWrite

  8. Mail.Read

  9. Mail.ReadWrite

  10. Mail.ReadWrite.Shared

  11. Calendars.ReadWrite

  12. Calendars.ReadWrite.Shared

Power Automate

Flow Service

  1. User

  2. Activity.Read.All

  3. Approvals.Manage.All

  4. Approvals.Read.All

  5. Flows.Manage.All

  6. Flows.Read.All

  7. Flows.Read.Plans

  8. Flows.Write.Plans

Power BI Output

Microsoft Graph

  1. Offline_access

  2. Openid

  3. User.Read

  4. email

  5. profile

Power BI Service

  1. Dataset.ReadWrite.All

  2. Workspace.Read.All

SharePoint Files

Microsoft Graph

  1. Files.ReadWrite.All

  2. offline_access

  3. openid

  4. User.Read

  5. Sites.Read.All

  6. email

  7. profile

  8. Files.Read.All

SharePoint Files version 2.0.1 and later.

SharePoint

Note - In addition to the Microsoft Graph permissions.

  1. AllSites.Manage

  2. AllSites.Read

  3. AllSites.Write

  4. Sites.Search.All

Manage Service Principal

Go to Certificates & secrets and add New client secret. Copy the Value as it won't be accessible again once you leave the page – this is your Client Secret.

In API permissions,add these Application permissions.

Connector and Version

Application Permissions

Dataverse

Microsoft Graph

  1. Files.Read.All

  2. Files.ReadWrite.All

  3. Sites.Read.All

OneDrive

Microsoft Graph

  1. Files.Read.All

  2. Files.ReadWrite.All

  3. Sites.Read.All

Outlook 365

Microsoft Graph

  1. Calendars.ReadWrite

  2. Mail.ReadWrite

  3. User.Read.All

Power Automate

No info in Drupal / Not applicable.

Power BI Output

See Power BI Service Principal.

SharePoint version 2.2.0 and later.

Microsoft Graph

  1. Sites.Selected

Visit the Alteryx Community for more details.

Now you can use this app in the connector. To authenticate login, you will need your User Name, Password, Client ID, and Client Secret ID and Tenant ID provided with application registration.

For more information, visit Microsoft portal.

Power BI Service Principal

To use the custom API application...

  1. Create an Azure security group and add the Power BI app registration (service principal) to it.

  2. In the Power BI Admin Portal, go to Tenant Settings & Developer Settings. Turn on the option to Allow service principals to use Power BI APIs and add the security group under Apply to.

  3. Add the Power BI app registration to your workspace access as a member. For more details, see the Power BI documentation.

Create User in Power Platform

Create a user for your Dataverse app in Power Platform and add a security role:

  1. Go to Power Platform admin center.

  2. Select an environment.

  3. Select Settings. In Users + permissions, select Application users.

  4. Select New app user.

  5. Select Add an app and select your app.

  6. Select a Business unit.

  7. In Security roles, select an applicable role.

  8. Select Create.

Older Connector Versions

Select these options and enter these URLs for older connector versions when you set up a custom API application.

Connector and version

Dropdown option

URLs

OneDrive version 2.0.2 and earlier

Single-page application (SPA)

https://cef.alteryx.com/designer/oauthcallback

https://login.live.com/oauth20_desktop.srf

Outlook 365 version 1.0.0

Power BI Output version 3.1.0 and earlier

SharePoint Files version 1.1.1 and earlier

In this section: