You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/partner-solutions/split-experimentation/how-to-set-up-data-access.md
+9-10Lines changed: 9 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,7 +32,7 @@ Register a new app or use an existing Microsoft Entra application registration t
32
32
33
33
To register a new app:
34
34
35
-
1.Go to **Identity** > **Applications** > **App registrations**.
35
+
1.In the Microsoft admin center, go to **Identity** > **Applications** > **App registrations**.
36
36
37
37
:::image type="content" source="media/data-access/app-registration.png" alt-text="Screenshot of the Microsoft Entra admin center showing the App registrations page.":::
38
38
@@ -45,12 +45,11 @@ To register a new app:
45
45
46
46
Configure the application ID URI to allow the Entra application to be used as global audience/scope when requesting an authentication token.
47
47
48
-
1.Open your app in the Azure portal and under **Overview**, get the **Application ID URI**.
48
+
1.In the Microsoft Entra admin center, in **Identity** > **Applications** > **App registrations**, open your application by selecting its **Display name**. In the pane that opens, under **Overview**, copy the **Application ID URI**. If instead of the application ID URI you see **Add an Application ID URI**, select this option, then select **Add** and **Save**.
49
49
50
50
:::image type="content" source="media/data-access/get-application-id-uri.png" alt-text="Screenshot of the app in the Azure portal.":::
51
51
52
-
1. Back in the Microsoft Entra admin center, in **Identity** > **Applications** > **App registrations**, open your application by selecting its **Display name**.
53
-
1. In the pane that opens, select **Expose an API** and Ensure the **Application ID URI** value is: `api://<Entra application ID>` where `Entra application ID` must be the same Microsoft Entra application ID.
52
+
1. Then select **Expose an API** in the app's left menu. Ensure the **Application ID URI** value is: `api://<Entra application ID>` where `Entra application ID` must be the same Microsoft Entra application ID.
54
53
55
54
:::image type="content" source="media/data-access/app-registration.png" alt-text="Screenshot of the Microsoft Entra admin center showing the App registrations page.":::
56
55
@@ -81,8 +80,8 @@ In the Microsoft Entra admin center, go to your app and open the **Expose an API
81
80
82
81
Split Experimentation workspace supports well-known roles to scope access control. Add the following roles in the Entra application.
83
82
84
-
1. Go to the **App roles** menu and select **Create app role**.
85
-
1. Select or enter the following information in the pane that opens to create a first role:
83
+
1. Go to the **App roles** menu of your app and select **Create app role**.
84
+
1. Select or enter the following information in the pane that opens to create an *ExperimentationDataOwner* role. This role gives the app full access to execute all operations on the Split Experimentation resource.
86
85
87
86
-**Display name**: enter *ExperimentationDataOwner*
88
87
-**Allowed member types**: select **Both (Users/Groups + Applications)**
@@ -92,7 +91,7 @@ Split Experimentation workspace supports well-known roles to scope access contro
92
91
93
92
:::image type="content" source="media/data-access/create-app-role.png" alt-text="Screenshot of the Microsoft Entra admin center showing how to create an app role.":::
94
93
95
-
1. Create a second role:
94
+
1. Create an *ExperimentationDataReader* role. This role gives the app read access on the Split Experimentation resource, but doesn't allow it to make any changes.
96
95
97
96
-**Display name**: enter *ExperimentationDataReader*
98
97
-**Allowed member types**: select **Both (Users/Groups + Applications)**
@@ -104,16 +103,16 @@ Split Experimentation workspace supports well-known roles to scope access contro
104
103
105
104
#### Choose an assignment requirement option
106
105
107
-
1. Go to the **Overview** menu and select the link under to **Managed application in local directory**
108
-
1. Open **Manage** > **Properties** and select your preferred option for the **Assignment required** setting.
106
+
1. Go to the **Overview** menu of your app and select the link under **Managed application in local directory**. This opens your app in the Microsoft admin center **Identity** > **Enterprise Application** menu.
107
+
1. Open **Manage** > **Properties**on the left and select your preferred option for the **Assignment required** setting.
109
108
-**Yes**: means that only the entries explicitly defined under **Users and Groups** in the enterprise application can obtain a token and therefore access the associated Split Experimentation Workspace. This is the recommended option.
110
109
-**No**: means that everyone in the same Entra tenant can obtain tokens and therefore may be allowed, via the Split Experimentation control plane opt-in setting, to access the associated Split Experimentation Workspace.
111
110
112
111
:::image type="content" source="media/data-access/assignment-required.png" alt-text="Screenshot of the Microsoft Entra admin center showing how to require an assignment.":::
113
112
114
113
#### Assign users and groups
115
114
116
-
1. Go to the **Users and groups** menu and select **Add user/group**
115
+
1. Go back to the **Users and groups** menu and select **Add user/group**
117
116
118
117
:::image type="content" source="media/data-access/assign-users.png" alt-text="Screenshot of the Microsoft Entra admin center showing how to assign roles to users.":::
119
118
1. Select a user or a group and select one of the roles you created for the Split Experimentation Workspace.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments