User Credentials
Description
Use delegated access (User Credentials) whenever you want to let a signed-in user work with their own resources or resources they can access. Whether it's an admin setting up policies for their entire organization or a user deleting an email in their inbox, all scenarios involving user actions should use delegated access. [API reference]
Instructions
Follow these simple steps below to create Microsoft Entra ID application with delegated access:
automation@my-company.com).
When you use a personal account which is tied to a specific employee profile and that employee leaves the company,
the token may become invalid and any automated processes using that token will start to fail.
- Navigate to the Azure Portal and log in using your credentials.
- Access Microsoft Entra ID.
-
Register a new application by going to App registrations and clicking on New registration button:
INFO: Find more information on how to register an application in Graph API reference. -
When configuration window opens, configure these fields:
-
Supported account type
- Use
Accounts in this organizational directory only, if you need access to data in your organization only.
- Use
-
Supported account type
-
Redirect URI:
- Set the type to
Public client/native (mobile & desktop). - Use
https://zappysys.com/oauthas the URL.
- Set the type to
-
After registering the app, copy the Application (client) ID for later:
-
Copy OAuth authorization endpoint (v2) & OAuth token endpoint (v2) URLs to use later in the configuration:
-
Now go to SSIS package or ODBC data source and use the copied values in User Credentials authentication configuration:
- In the Authorization URL field paste the OAuth authorization endpoint (v2) URL value you copied in the previous step.
- In the Token URL field paste the OAuth token endpoint (v2) URL value you copied in the previous step.
- In the Client ID field paste the Application (client) ID value you copied in the previous step.
-
In the Scope field use the default value or select individual scopes, e.g.:
-
offline_access -
https://analysis.windows.net/powerbi/api/Workspace.Read.All -
https://analysis.windows.net/powerbi/api/Dataset.Read.All -
https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All
-
- Press Generate Token button to generate Access and Refresh Tokens.
- Click Test Connection to confirm the connection is working.
- Optional step. Choose Default Workspace from the drop down menu.
- Choose Default Dataset from the drop down menu.
- Done! Now you are ready to use the API Connector!
Parameters
| Parameter | Required | Default value | Options | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Name: AuthUrl Label: Authorization URL |
YES |
|
|||||||||||
|
Name: TokenUrl Label: Token URL |
YES |
|
|||||||||||
|
Name: ClientId Label: Client ID |
YES | ||||||||||||
|
Name: Scope
Label: Scope |
YES |
offline_access~https://analysis.windows.net/powerbi/api/Workspace.Read.All~https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All
|
|
||||||||||
|
Name: DatasetId Label: Default Dataset (select after generating tokens) |
YES | ||||||||||||
|
Name: ClientSecret Label: Client Secret |
|||||||||||||
|
Name: ReturnUrl Label: Redirect URI (must match App Redirect URI) |
|
||||||||||||
|
Name: WorkspaceId Label: Default Workspace (Keep Empty for My Workspace - select after generating tokens) |
|||||||||||||
|
Name: RetryMode Label: RetryMode |
RetryWhenStatusCodeMatch
|
|
|||||||||||
|
Name: RetryStatusCodeList Label: RetryStatusCodeList |
429|503
|
||||||||||||
|
Name: RetryCountMax Label: RetryCountMax |
20
|
||||||||||||
|
Name: RetryWaitTimeMs Label: RetryWaitTimeMs |
1000
|
||||||||||||
|
Name: RetryMultiplyWaitTime Label: RetryMultiplyWaitTime |
True
|
||||||||||||
|
Name: ExtraAttributesForAuthRequest
Label: Login options |
|