# Entra ID App

## Entra ID Application

Inforiver uses multiple Office 365 APIs to fetch relevant information such as Power BI report metadata and user emails and groups, and to integrate with SharePoint and OneDrive. For this, an Azure AD application needs to be created in your tenant by following the steps below. Details from this app will be needed when we deploy our application.

### Steps to Create

The following steps create the Azure AD application and collect the details required to continue the Inforiver deployment.

### App Registration

As a first step you have to register a new app in your Azure AD.

* Log in to your Azure Portal
* Click on Manage Azure Active Directory from the menu tab
* Click App registrations in the left sub menu
* Click the New Registration tab in the top menu bar as shown in the below screenshot.

<figure><img src="/files/DMLv557BHLRCTVFOTjRM" alt=""><figcaption><p>App Registration</p></figcaption></figure>

* Enter an **Application Name** to be displayed to the users.
* In the section Who can use this application, select Accounts in this organizational directory only.
* Leave the Redirect URI section empty for now. We have to come back to it once we get the URL of the application.
* Click Register to register the application.

<figure><img src="/files/PkFG1DOHelTAzGjixZXj" alt=""><figcaption><p>Application Registration Page</p></figcaption></figure>

### Configuration

Please follow the steps to continue the configuration of the Azure AD application.

### Permissions Configuration

The Azure AD app needs to have certain permissions enabled for Inforiver to work properly. Please follow the steps below to enable those permissions.

{% hint style="info" %}
To view the complete list of required and optional permissions and why Inforiver requires these permissions, please read through the below page.
{% endhint %}

{% content-ref url="/pages/V77zN2gHUzN80FQqJGiD" %}
[O365 Permissions](/inforiver-enterprise-on-prem/architecture-concepts/o365-permissions.md)
{% endcontent-ref %}

* Go to the API Permissions menu of the Azure AD App that you created in the previous step.
* Click **Add a Permission**, then select <mark style="color:blue;">**Microsoft Graph**</mark> **->** <mark style="color:orange;">**Delegated Permissions**</mark> and select the following permissions:
  * <mark style="color:yellow;">email</mark>
  * <mark style="color:yellow;">openid</mark>
  * <mark style="color:yellow;">profile</mark>
  * <mark style="color:yellow;">User.Read</mark>
  * <mark style="color:yellow;">User.ReadBasic.All</mark>
  * <mark style="color:yellow;">Group.Read.All</mark>
  * <mark style="color:yellow;">GroupMember.Read.All</mark>
* After selecting all the above permissions, click the **Add Permissions** button at the bottom.
* Now, click **Add a Permission** once again, then go to <mark style="color:blue;">**Power BI Service**</mark> **->** <mark style="color:orange;">**Delegated Permissions**</mark>. Select the following permissions:
  * <mark style="color:yellow;">Dataset.Read.All</mark>
  * <mark style="color:yellow;">Report.Read.All</mark>
  * <mark style="color:yellow;">Workspace.Read.All</mark>
  * <mark style="color:yellow;">App.Read.All</mark>
  * <mark style="color:yellow;">Dashboard.Read.All</mark>
* After selecting all the above permissions, click the **Add Permissions** button at the bottom.
* Similarly, click **Add a Permission**, then select <mark style="color:blue;">**Azure Storage**</mark> **->** <mark style="color:orange;">**Delegated Permissions**</mark>. Select the permission:
  * <mark style="color:yellow;">user\_impersonation</mark>
* Click the **Add Permissions** button at the bottom.
* Grant admin consent for the entire organization to authorize this application for your users.

<figure><img src="/files/7NHDEsSfucKqNJDwKtA9" alt=""><figcaption><p>Example App Permissions. You don't have to provide all the permissions shown here.</p></figcaption></figure>

{% hint style="danger" %}
If your organization has a policy which disallows users from providing consent to the application on their own, then make sure that you have provided admin consent for the entire organization.
{% endhint %}
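
The following is an added example, not Inforiver's or Microsoft's code: a least-privilege check that compares an app's delegated permission grants with the lists in the steps above and reports scopes that are missing, in excess of this guide, or consented only per user rather than tenant-wide. It assumes the grants were exported beforehand (for instance from Microsoft Graph's `oauth2PermissionGrants`) and that each one was given a `resource` field holding the API display name; that field name and the sample data are constructed for illustration.

```python
# Delegated permissions listed in the steps above, keyed by API name.
EXPECTED = {
    "Microsoft Graph": {"email", "openid", "profile", "User.Read",
                        "User.ReadBasic.All", "Group.Read.All",
                        "GroupMember.Read.All"},
    "Power BI Service": {"Dataset.Read.All", "Report.Read.All",
                         "Workspace.Read.All", "App.Read.All",
                         "Dashboard.Read.All"},
    "Azure Storage": {"user_impersonation"},
}

def audit_grants(grants):
    """Compare delegated grants with EXPECTED.
    Each grant is a dict with 'resource' (API display name; hypothetical
    field, resolved by the caller), 'scope' (space-separated) and
    'consentType' ('AllPrincipals' = tenant-wide admin consent)."""
    tenant_wide, per_user = {}, {}
    for g in grants:
        bucket = tenant_wide if g["consentType"] == "AllPrincipals" else per_user
        bucket.setdefault(g["resource"], set()).update(g["scope"].split())
    report = {"missing": {}, "excess": {}, "user_only": {}}
    for api in sorted(set(EXPECTED) | set(tenant_wide) | set(per_user)):
        want = EXPECTED.get(api, set())
        admin = tenant_wide.get(api, set())
        user = per_user.get(api, set())
        checks = {
            "missing": want - admin - user,      # never consented
            "excess": (admin | user) - want,     # beyond this guide's list
            "user_only": (want & user) - admin,  # lacks admin consent
        }
        for name, scopes in checks.items():
            if scopes:
                report[name][api] = sorted(scopes)
    return report

# Constructed sample data, not output from a real tenant.
SAMPLE_GRANTS = [
    {"resource": "Microsoft Graph", "consentType": "AllPrincipals",
     "scope": "email openid profile User.Read User.ReadBasic.All Group.Read.All Directory.Read.All"},
    {"resource": "Microsoft Graph", "consentType": "Principal",
     "scope": "GroupMember.Read.All"},
    {"resource": "Power BI Service", "consentType": "AllPrincipals",
     "scope": "Dataset.Read.All Report.Read.All Workspace.Read.All App.Read.All"},
]

if __name__ == "__main__":
    print(audit_grants(SAMPLE_GRANTS))
```
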

### Credentials Collection

As the final step, you have to generate a client secret and collect the necessary details for the deployment.

* [ ] Go to the Overview menu of the application, copy, and save the Application (Client) ID from the top details.
* [ ] Copy and save the Directory (Tenant) ID from the top details section of the Overview menu.

<figure><img src="/files/h4nqoBvxgmn440JHYx6l" alt=""><figcaption><p>App Overview</p></figcaption></figure>

* [ ] Go to the Certificates and Secrets menu, then create a New Client Secret. Select the appropriate validity based on your organization policy and press the Add button. You will be shown a secret value; make sure to copy and save it for the deployment. The secret value won't be shown to you again. If you lose it, you have to recreate it.

<figure><img src="/files/WtXYEEONpvmLayDNqCGB" alt=""><figcaption><p>Secret Generation</p></figcaption></figure>


