5.23.27. Unlock Azure services

<< Click to Display Table of Contents >>

Navigation:  5. Detailed description of the Actions > 5.23. Cloud services >

5.23.27. Unlock Azure services

 

Icon: clip2091

 

Function: unlockAzure

 

Property window:

 

clip2090

 

Short description:

 

Unlock access to Azure services

 

Long Description:

 

You need to get your Azure credentials (i.e. you need to get from Azure these 2 parameters: your “Application (client) ID”, and your “Anatella Secret Token”) before using any of the following Actions:

 

OneDrive:
 

oList the files on a OneDrive (section 5.23.35)

oDownload files from a OneDrive (section 5.23.36)

oUpload files to a OneDrive (section 5.23.37)

oDelete files stored in a OneDrive (section 5.23.38)
 

Email
 

oReceive Emails from an Azure account (section 5.23.53)

oSend Emails using an Azure account (section 5.23.54)

 

SharePoint
 

oRetrieve Lists and Objects from a SharePoint site (section 5.23.28)

oAdd items inside a SharePoint List (section 5.23.29)
 

PowerBI: Add/Update/Delete datasets inside PowerBI (section 5.23.90)

 

Manage Contact from Azure users and List All users (section 5.23.98)
 

 

clip2092

All these Azure fonctionnalities require you to pay to Microsoft. You must pay even for the most basic functionalities such as listing some files on your OneDrive. Hopefully, if you buy the “Office 365 E1” (On the 2022-11, the cost is: 11.80€/month or 100.8€/year) you already get access to your OneDrive, to your Email and to SharePoint.
 
A limited version of PowerBI is also accessible for free.

 

 
The procedure to get your Azure Credentials (i.e. to get a “Application (client) ID” and an “Anatella Secret Token”) is the following:
 
 

1.First, a word of caution:

 

You will need your “Application (Client) ID” and an “Anatella Secret Token” to use (nearly) all the Azure Services actions inside Anatella.

 

There are no ways to copy/paste back these 2 informations from one Anatella action to another (this is, of course, “by design”).

 

So, you should keep yourself these 2 informations in a secure place, if you intend to re-use them later.

 
The steps 1 to 19 must only by performed once by an Azure Administrator. The easy steps 20,21 & 22 must be performed by all the users that want to access Azure data.
 
 

2.Open the URL   https://portal.azure.com  and “log-in” using your normal “Login” and “Password” for Azure. Then, type “App Registration” in the searchbar number1 and click on the corresponding icon number2:

 

clip2093

 

 

3.We will create a new Azure App: Click the “New registration” button:

 

clip2094

 

 

4.Give a name to your Azure App (you can use any name) number1

 

clip2095

 

 

5.For the redirect URI: select the “Public client/native (mobile&desktop)” number2 type of application and enter:
 
https://timi.eu/oauth/AzureAccess.php

 

 …as the “redirect URI”. number3
 

WARNING: This is a very important step: the URI must be exactly the one given here above (this is case sensitive).
 

 

6.Click the “Register” button at the bottom of the page to go to the next page.number4

 

 

7.You are now receiving the Anatella parameter P1 and P2 (i.e. your “Application (client) ID” and your “Tenant ID”): They are here number1:

 

clip2096

 
 

8.Click on “API Permissions” in the left panel here number2:
 
 

9.Grant Permission to access SharePoint  (you can skip the section 9 if you don’t intend to access SharePoint)

 
 

9.1 Click the “+ Add permission” button here:

 

clip2097

 
 

9.2 Click on “Microsoft Graph”:

 

clip2098

 
 

9.3 Click on the “Delegated Permissions” button : number1

 

clip2099

 

 

9.4 Write “site” in the search box here: number2  ..and tick the checkbox named “Sites.FullControl.all” here : number3

 
 

9.5 Click  on  the  “Add permissions” button: number4

 
 

9.6 Click on the “Grant admin consent for…” button:

 

clip2100

 

 

9.7 You should see “Grant consent succesful” in the top left corner of your browser:

 

clip2101

 

 

9.8 You should see the “clip2102…” message here: number1
 

clip2103

 

 

9.9 Click on the clip2104 icon for the “user Read” permission: number2   …and click “Revoke admin consent”: number3

 
 

10.Click the “+ Add permission” button here: number4  
 
 

11.Click on “Microsoft Graph”:
 

clip2105
 

12.Click on the “Delegated Permissions” button: number1
 
clip2106
 
 

13.This permission is required to use OneDrive:
 
Write “file” in the search box here: number2  ..and tick the checkbox named “Files.ReadWrite.all” here: number3
 
(do not enable this permission if   you don’t intend to access OneDrive)
 
 

14.This permission is required to send/receive emails using Office 365:
 
Write “mail” in the search box here: number1  ..and tick the checkboxes named “Mail.ReadWrite” and “Mail.send” here: number2 . (do not enable this permission if you don’t intend to send/receive emails using office 365)
 
clip2107
 
 

15.Click the “Add Permissions” button number3
 
 

16.Grant Permission to access PowerBI (do not follow section 16 if you don’t intend to access PowerBI)

 
16.1 Click (again) on the clip2108 button
 

 
16.2 Scroll down and click on “Power BI Service”:

 

clip2109

 
 

16.3 Check the permissions named “Dataset.ReadWrite.All” number1 and “Workspace.ReadWrite.All” number2 :

 

clip2110

 

16.4 Click the clip2111  button number3.

 

17.Grant permission to manage the Contacts of the users (Do not follow the section 17 if you don’t intend to use the AzureAddContact Action)
 

17.1 Click (again) on the clip2112 button
 
 

17.2 Click on “Microsoft Graph”:

 

clip2113

 

 

17.3. Click on the “Delegated Permissions” button: number1

 

clip2114

 

 

17.4 Write “contact” in the search box here: number2  

 

     ..and tick the checkboxes named “Contact.ReadWrite” here number3

 
 
17.5 Click the clip2115  button number4
 

 

18.Grant permission to list the users inside your Organization (Do not follow the section 18 if you don’t intend to use the special operation “List Users” (Parameter P6) from the AzureAddContact Action). This step requires admin. consent.

 

18.1 Click (again) on the clip2116 button

 
18.2 Click on “Microsoft Graph”:
 

clip2117

 

 

18.3 Click on the “Delegated Permissions” button: number1

 

clip2118

 

 

18.4 Write “user.read” in the search box here: number2  
 

     ..and tick the checkboxes named “User.Read.All” here number3

 
 
18.5 Click the clip2119  button number4
 
 

18.6 Click on the “Grant admin consent for…” button:

 

clip2120

 
 

18.7. You should see “Grant consent succesful” in the top left corner of your browser:
 
clip2121

 

 

19.If you enabled all permissions, you should now see:
 
clip2122

 
 

20.Go back inside Anatella. Enter the parameters P1 and P2 (i.e. your “Application (client) ID” and your “Tenant ID” obtained during the step 7 of this procedure) inside the clip2123 AzureUnlock action. Just in case: you can click on the clip2124   button on the top of the left panel to see again these two parameters:
 

clip2125

 
 

21.Run the clip2126 AzureUnlock action. An internet browser opens. Sign-in into the account that possesses the OneDrive/Email/SharePoint/PowerBI that you want to access. Click on “Accept”:

 

clip2127

 
 

22.You finally get your “Anatella Secret Token”:

 

clip2128

 

 

clip2129

Don’t stop directly once you have your Anatella Secret Token!
 
I strongly advise you to also secure your Azure account by following the procedure given inside the next section 5.23.27.1.!

 

clip2131

Sometime, instead of the “Success !” page (that you see here just above), you get:
 
    clip2130
 
…followed by a bunch of garbage codes.
 
Don’t worry: That’s just Azure that is a little bit slow. Your new application settings need a little bit of time to propagate. Just wait a few seconds and run again the clip2132 AzureUnlock action and, at some point, it will give you the required “Anatella Secret Token”.