Before ingesting Azure Data Factory metadata into Dawiso, prepare your account for authentication by configuring an Azure Application and granting the necessary permissions.

Supported Azure Data Factory versions

Connection prerequisites

  • An active Azure Portal subscription (you can create one for free)
  • Microsoft Entra ID administrative access

Connection configuration

In this guide, you will:

  1. Configure an Azure application.
  2. Generate a Client Secret.
  3. Test the application for a successful connection to Azure AD.
  4. Configure a Power BI Tenant to allow Service Principals to read the new Admin API.
  5. Allow Service Principal access to individual workspaces.

Register a new application

You need to register a new application in Microsoft Entra ID.

  1. In your Azure Portal, navigate to Microsoft Entra ID.
  2. In the left menu, select the App Registrations. Click the + New Registration button. Register_New_Application.png
  3. Choose a name name for your application, e.g., Dawiso Integration. You can keep default values for the rest of the form.
  4. Click Register and wait for the deployment to finish. Register_New_Application_Form.png

Client and tenant IDs

On the Overview page, you can find important values that identify your application. These will be used in the connection setup in Dawiso:

  • Application (client) ID is the unique identification of the application.
  • Directory (tenant) ID is the unique identification of your tenant (organization).

Generate Client Secret

Now, you will need to generate a client secret to later authenticate the connection.

  1. In the left menu, select Certificates & secrets.
  2. Here, click + New client secret. Generate_New_Secret.png
  3. Choose a descriptive name for the client secret and select an expiration date that fits your organization’s requirements. Generate_New_Secret_Details.png
  4. Click Add to finish creating the secret.
  5. Once the secret is created, make sure to copy the value and store it somewhere safe for later use. The secret cannot be displayed twice. Generate_New_Secret_Copy_Value.png
Warning

The secret value is displayed only once. Copy and save it immediately, otherwise you will need to generate a new client secret if it is lost.

Grant Access to Data Factories

You can grant permissions at different scopes depending on how broad you want scanning to be:

  • Subscription level → the service principal can read all Data Factories in that subscription.
  • Resource group level → the service principal can only read Data Factories inside that RG.
  • Factory level → the service principal can read only a single ADF.

For scanning multiple ADFs, subscription or resource group scope is usually easiest.

Assign the Built-In Reader role

  1. Navigate to the scope you chose:
  • Subscription → Subscriptions → pick the right one.
  • Resource Group → Resource groups → pick the right one.
  • Factory → Data factories → pick the right factory.

  1. In the left panel, select Access control (IAM).

  2. Click Add → Add role assignment.

  3. In the Role tab:

  • Search for Reader.
  • Select Reader and click Next.
  1. In the Members tab:
  • Choose User, group, or service principal.
  • Click Select members.
  • Find your service principal (app name) and select it.
  1. Click Review + assign.