Coins ERP+ server hosted in Coins Construction Cloud or on premise (including customers own cloud tenancy)

Customers own Microsoft Azure Tenant

A Power BI Pro licence

Access rights to create new resources in an Azure Subscription

Coins JSON template for Microsoft Power BI Embedded

Login to Azure portal using an account with sufficient access rights to create new user accounts in your organisation's Azure Entra ID.

Create a new user that the Coins Power BI Embedded API will use for authentication.

This account must not use Multi Factor Authentication (MFA) as it will be used to access the Power BI Embedded API from within the Coins ERP+ system. If MFA is enforced for your Entra ID directory, you can configure MFA to be skipped for authentication requests from trusted IP addresses by following the guidance see Appendix A.

Create the account with a strong password and record this information securely

NOTE: If your organisation uses Active Directory Federation Services (ADFS) you must create the User Account in Azure Entra ID and not in your on-premises Active Directory.

Log in to Azure portal using account with Owner rights to the applicable Azure Subscription..

Select Create a Resource, search for and then select Template deployment (deploy using custom templates).

Click Create and then select "Build your own template in the editor".

Click Load File and select the JSON template supplied by Access Coins.

Click Save

Complete the required parameters before clicking Review + Create, then Purchase.

Select the required Azure subscription and Resource group.

Enter a unique name for the Power BI Embedded resource.

Select the Azure data centre location nearest to your Coins server for best performance. If your Coins server is hosted in Microsoft Azure, select the same Azure data centre.

Select the Power BI Embedded Pricing Tier – Coins suggests 'A1' for the initial deployment.

Specify a user account from your organisations Azure Entra ID that will be the Power BI Capacity Administrator for this new resource.

See https://docs.microsoft.com/en-us/power-bi/developer/azure-pbie-create-capacity for more information on the creation of Power BI Embedded resources.

Log in to Azure portal using an account with access rights to register Apps in Azure Entra ID.

Open the Azure Entra ID blade, select 'App Registrations' and click 'New registration'.

Specify a name for the new App Registration and click 'Register'.

Select the Authentication blade and select Add a platform, select "Mobile and Desktop applications" then add a custom redirect URI.
​

The Redirect URI should be "urn:ietf:wg:oauth:2.0:oob" (without the quotes). Please enter this URI carefully without altering the format. Click configure when done.
​

Under Advanced Settings in the "Allow public client flows" section switch the 'Enable the following mobile and desktop flows" to 'Yes' and then click Save.
​

Select the API Permissions blade and click 'Add a permission'.

Select Power BI Service.
​

Select Delegated Permissions.
​

Select View/Read Only permissions as follows:
​

Click 'Add a permission".

Select the APIs my organisation uses tab.

Enter Azure SQL in the search box.
​

Select the Azure SQL Database option.

Select Delegated permissions.

Check the Permissions option box.
​

Click the Add Permissions button to complete the process.

Click the 'Grant admin consent…' button to complete the changes.

Select the Owners blade and add the Azure Entra ID account created earlier. This is the account that will be used by the Coins Server to authenticate connections to Power BI.

Azure Entra ID User Account name & password created for this Coins Power BI Embedded deployment

Azure App "Application ID"