App Registration in Microsoft Entra ID
Register an Entra ID App (Azure Administrator)
To connect to a Power BI report from iceDQ, users must register an application in the Microsoft Entra ID (Azure Active Directory). This registration enables secure OAuth 2.0–based authentication between iceDQ and Power BI.
Steps to Register the Application
| Step | Instruction |
|---|---|
| 1 | Sign in to the Azure Portal. |
| 2 | Navigate to App registrations from the left menu. |
| 3 | Select New registration. |
| 4 | Enter a descriptive application name (e.g., iceDQ Power BI Connector). |
| 5 | Under Supported account types, choose Accounts in this organizational directory only (Single tenant). |
| 6 | In the Redirect URI (optional) section, select Web as the platform. |
| 7 | Click Register to create the application. |
| 8 | In the Overview page, copy the Application (client) ID. |
| 9 | In the same page, copy the Directory (tenant) ID. |
| 10 | Go to the Authentication tab. |
| 11 | Select Add a platform → choose Web. |
| 12 | Enter the iceDQ application URL as the redirect URI. Example: https://192.168.100.157:8443/ice/. |
| 13 | Under Implicit grant and hybrid flows, check both Access tokens and ID tokens to allow sign-in via OAuth. |
| 14 | Click Save. |
| 15 | Open the Certificates & secrets tab. |
| 16 | Under Client secrets, select New client secret. |
| 17 | Add a description (e.g., iceDQ Secret) and set the expiry (recommended: 12 months). |
| 18 | Click Add. |
| 19 | Copy and securely store the Value shown (this is the client secret). |
| 20 | Navigate to the API permissions tab. |
| 21 | Select Add a permission. |
| 22 | Under Microsoft APIs, choose Power BI Service. |
| 23 | Select Delegated permissions. |
| 24 | Check Dataset.Read.All and Dataset.ReadWrite.All. These allow iceDQ to read and write datasets in Power BI. |
| 25 | Click Add permissions. |
| 26 | (Optional but recommended) Click Grant admin consent to ensure the permissions are applied across the tenant. |