Introduction
One of the key features of Webdashboard is that you can let everyone login to get access to your Power BI reports in Webdashboard. With no difference for whether these are customers, suppliers, or for example the CEO or a cashier. There are two ways to provide access:
- You can invite everyone with an e-mail address.
Everyone gets a personal Webdashboard account through which they can login to your environment. - You can connect your own user management system to Webdashboard.
This includes Azure EntraID and Google Workspace. This way your users get access to Webdashboard with Single Sign On, and with the same username and password they use in your other environments.
- What benefits you will have by connecting Webdashboard to your Azure EntraID.
- How you connect Azure EntraID to Webdashboard.
- How you add Azure EntraID users to Webdashboard.
- How you can Sync users in Azure EntraID groups to Webdashboard|.
Benefits connection Azure EntraID
By setting up a connection between EntraID and Webdashboard, you can allow invited users to sign in to Webdashboard with their own work accounts. On the Sign-in page, a user can simply enter the email (UPN) they use to sign in to EntraID. After clicking Next they will see the familiar EntraID sign-in page of your company. After signing in they are logged into Webdashboard. When already signed in to a work account, step 2 will not be visible to the user.
Connecting Your EntraID
To enable EntraID you will need to configure an application registration in your EntraID. An app registration is a safe way for a system administrator to give access to your EntraID with only the minimum rights needed. Webdashboard needs the following rights:
- Sign In Users (delegate permission, users sign in by themselves)
- Read Directory data (application permission, for Entra groups)
- Read User data (Application permission, for Entra user profiles)
After you created the app registration you’ll add the application to Webdashboard and you’re set to go.
The steps on the following pages will guide you through this process in more detail.
Step 1: Create the application registration
Browse to your Azure Active panel, make sure you login with an administrator account https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.
Now to navigate to App registrations and create a New registration
Figure 4 - New app registration
Now give the application a clear name, choose the accounts you want to give Webdashboard access to (Single Tenant is the most common option). Next, make sure to fill out the Redirect URL:
https://backend.webdashboard.com/api/Authentication/ActiveDirectory
Figure 5 - Create the application
Step 2 - Configure Authorization
After creating the application go to Authentication and add these URI’s:
https://devapi.webdashboard.com/api/Authentication/ActiveDirectory
https://app.webdashboard.com/en/teams-app/callback
Check the Access tokens checkbox.
Finally, click Save.
Figure 6 - Add authorized URI's
Step 3 - API permissions
Navigate to API permissions, then open the Add a permission screen for Microsoft Graph.
Figure 7 - Open the Microsoft Graph permissions selection
Now add the following permissions:
- Openid (delegate -> permission)
- Directory.Read.All (application -> Directory)
- User.Read.All (application -> User)
Now the screen should look like in Figure 8. If so click Grant admin consent.
Figure 8 - Grant admin consent
Step 4 - Configure a secret
Navigate to Certificates & secrets and create a New client secret. Make sure to mark the expire date in your calendar, to create a new secret when this secret expires.
Figure 9 - Create a client secret
Step 5 - Add the app registration to Webdashboard
Navigate in https://app.webdashboard.com to the settings and click on Identity Providers.
Figure 10 - Open Identity providers connection popup
Fill out the information from your app registration:
- Application (client) ID
- Directory (tenant) ID
- Client secret
Figure 11 - Application overview
Figure 12 - Certificates & secrets
Click Next in Webdashboard and you are connected!
EntraID Users
Now that everything is connected, you can start adding Entra Users to Webdashboard. Navigate to Webdashboard’s User overview and choose Import users from EntraID
Figure 13 - Import Entra Users
In the popup search for the users you want to add and drag them to the right. People with access will already be on the right side. All the users you add need a Webdashboard license. Make sure you have enough in your subscription.
Figure 14 - Search for the user you want to add
User Cards
The Entra users will appear with an EntraID logo on their user card and a Row Level Security (RLS) field. This is not the e-mail, but their UPN. This is used by Webdashboard for RLS. Note: the UPN is found behind the shield logo on the user card and can only be changed in EntraID, not in Webdashboard.
To give a user access to a Workspace, click the shield logo in the user card menu.
To edit the default landing page, click the pen button in the user card menu.
Figure 15 - AAD User card
EntraID Groups
Entra Groups (Office or security groups) can also be added to Webdashboard. When adding and Entra group the users will not be automatically be added. You can use the group for 3 purposes:
- Enable users sync
This will sync users that are in an Entra Group (also works with hierarchical groups) to Webdashboard.
Click on the user’s logo under actions and switch on the sync. When enabling this, two thing happen:- All the Entra Users not already in Webdashboard will be automatically added
- A subscription is made on your EntraID to get notified if the group is changed as described in detail here.
- Licenses will not be added or deleted when enabling sync. Please contact Team Webdashboard, if you want to enable this option.
- Workspace security
Click on the shield button under actions
- Configure startup page
By default all the users will land on the Webdashboard home page. If you want a group of users to land directly in a Workspace, you can configure that on a group.
Click on the pen button under actions
Figure 16 - EntraGroup after it's added to Webdashboard
Figure 17 - User sync switch