Skip to content

External Access to SOI's Azure Environment

Python automation to add users

There is a python script to automatically add users to the Census, Census Verification and HAS Dashboards. This is the new method to add people to these dashboards. This will be included in the code pipeline in the future.

The instructions for this are to email Karly with an Excel document with these columns containing the information for who needs to get access:

  • FirstName
  • LastName
  • OrganizationName: The program or region name of what the user should have access to. If the person needs full access, type 'Full Access'. If they need region access, type in one or more of these regions: ['EAST ASIA', 'ASIA PACIFIC', 'NORTH AMERICA - CANADA ONLY', 'AFRICA', 'MIDDLE EAST', 'NORTH AMERICA - CARIBBEAN ONLY', 'LATIN AMERICA', 'EUROPE EURASIA', 'USA', 'SOI']. For program level access, put in the program name exactly how it would be in census.
  • Email
  • ProductName: 'CensusReachReport', 'CensusVerification', or 'HASDashboard'
  • Role: This is either 'Admin' or 'User'. Now, make this always 'User' as this field is not really used anymore.
  • Optional Title: Freeform text field for the position/title of the person needing access
  • Optional Note: Freeform text field to add helpful notes

The code will then go through each row in the Excel document, give the user access, refresh the dashboard if needed, and send the individual an email with the instructions for them to access the dashboard.

Instructions to add users Manually

Invite external users to the Azure Ecosystem

  1. Go to Azure Portal
  2. Select "Azure Active Directory" under Azure Services ex1
  3. Select "Users" in the left hand panel ex2
  4. Click on "+ Users" and select "Invite external user" ex3
  5. Invite user

Create Invite - including some language describing what the user is being invited to, such as:

Hello!

We would like to provide you with guest access to our SOI Azure ecosystem. Please accept this invitation so that you can access the [insert product name here], as well as any other reports and dashboards that are shared to your email in the future.
Sincerely,

SOI Data Science

ex4

Note: You can search the user’s email in the Users page to see if they’re already in the ecosystem. If they are in the ecosystem, Azure will not send an invite. In batch invites, only users who currently aren’t in the system will receive an invite.

Create Security Group

  1. Go to Azure Portal
  2. Select "Azure Active Directory" under Azure Services ex1
  3. Select "Groups" in the left hand panel ex5
  4. Select "New Group" ex6
  5. Create New Group ex7

Add Users to a Security Group

  1. Go to Azure Portal
  2. Select "Azure Active Directory" under Azure Services ex1
  3. Select "Groups" in the left hand panel ex5
  4. Search for the name of the group you'd like to add the person to
  5. Select the group under the search bar ex8
  6. Select "Members" on the left hand panel ex9
  7. Search for Users or Add New Users. Search if a person exists in the group by first/last name or email address; or select Add members to add new members ex10
  8. Add Members to Group. Add member(s) to group by searching persons’ first/last name or email address. If they aren’t returned in the search, they may not be added as a user in the ecosystem (see Invite external users to the Azure Ecosystem). ex11

Adding users to PowerBI Dashboards

  1. Make a new group (ex. ADAPT_SOAP) using the instructions above.
  2. Put in the name on Azure groups, add Karly and Jackie as owners, and save the group
  3. Add the individuals you want to the group. Make sure these individuals exist in the Azure ecosystem. If not follow the instructions above.
  4. Add the person to the tables by writing SQL queries 
    INSERT INTO UserAccess.Dashboards 
    VALUES('Dipak', 'Natali', 'ASIA PACIFIC', 'Region', 'dnatali@specialolympics.org', 'CensusReachReport',  'Admin', GETDATE(), NULL)
INSERT INTO UserAccess.Dashboards 
    VALUES('Dipak', 'Natali', 'ASIA PACIFIC', 'Region', 'dnatali@specialolympics.org', 'SOI Main',  'Admin', GETDATE(), NULL)
/* For SONA you need to do both of the lines above for 3 regions separately:
   NORTH AMERICA - CANADA ONLY, NORTH AMERICA - CARIBBEAN ONLY, USA
 */
;
  5. Refresh the data in the dashboard
  6. Add the row level security. See the instructions above. Level - security - enter email addresses, enter ADAPT_SOAP
  7. Go to power bi web. The dataset, …, settings
  8. Here you add ADAPT_SOAP into UserAccess. The FullAccess does not go through the filtering in the dashboard.

Remove user access

  1. Go into the group that the person is in and remove the person from user access
  2. Remove person from user access 
    DELETE FROM UserAccess.Dashboards WHERE email = 'USER EMAIL'
  3. Update the PowerBI dashboard to refresh the user access dashboard data