2023-04-10
How to get started with SAM One
Please note: This guide contains instructions for installing the SAM One report. It is not possible to complete the installation and populate the report with your own data without having a SAM One subscription.
Introduction
Getting started with SAM One requires a couple of resources to be set up in your Azure environment, as well as installing the PowerBI report in your environment.
The process can be summarized as:
Create an app registration in Azure AD.
Create a storage account to store report data.
Provide SAM One with credentials to access the app registration and storage account.
Install the SAM One PowerBI report.
A prerequisite is to assign a PowerBI Pro license to every user who will read the SAM One report.
Setting up the App Registration
To allow SAM One to process data from your directory, you need to create an app registration in your Azure AD and grant permission to read certain resources.
An app registration is a way to register an application in Azure AD and generate a set of credentials that the application can use to authenticate and access Azure AD-protected resources. This registration creates a unique identity for the application, including a client ID and secret, which are used to authenticate and authorize the application to access specific resources in Azure AD.
To create an app registration in Azure AD, follow these steps:
1. Log in to the Azure portal using your Azure credential (https://portal.azure.com).
2. Create a storage account to store report data.
3. Select "App registrations" from the left-hand menu.
4. Click on the "New registration" button at the top of the App registrations page.
5. Give your app registration a name and choose "Accounts in this organizational directory only" under "Supported account types".
6. Leave the "Redirect URI (optional)" field empty
7. Click "Register" to create your app registration.
8. On the app registration page, note the "Application (client) ID" and the "Directory (tenant) ID". You'll need these later.
9. From the left-hand menu, select "API permissions".
10. Click the "Add a permission" button.
11. Choose "Microsoft Graph" as the API.
12. Select "Application permissions".
13. Scroll down to the "DeviceManagementManagedDevices" section and select "DeviceManagementManagedDevices.Read.All" permission. You can of course search for the permission as well.
14. Scroll down to the "Directory" section and select "Organization.Read.All"
15. Scroll down to the "User" section and select "User.Read.All" permissions.
16. Click the "Add permissions" button to save your selections.
17. Grant admin consent for the permissions by clicking the "Grant admin consent for [your tenant name]" button.
18. Navigate to the ‘Certificates & secrets’ section in the left-hand menu.
19. Click on the “New client secret” button.
20. Give your secret a name and an expiration date. Please note that you are responsible for rotating the key before or when it expires.
21. After creating the secret, save it somewhere safe in preparation for sending it to SAM One.
Setting up the Storage Account
Since SAM One doesn’t store any of your data in our environment, we need you to set up a storage location in your tenant. This also means that you control access to your data and for how long it's kept.
In this section we describe how you set up the necessary storage space in Azure.
1. Log in to the Azure portal using your Azure credentials (https://portal.azure.com).
2. Click on the "Storage accounts" service from the left-hand menu.
3. Click on the "Create" button at the top of the Storage accounts page.
4. Choose your subscription and resource group, and give your storage account a name. The following settings are required:
Enable storage account key access – Yes
Enable public access from all networks - Yes
For the rest of the settings, we recommend the following:
Region: preferably a region in Europe, but it’s not necessary
Redundancy: GRS
Require secure transfer for REST API - Yes
Allow enabling public access on containers - No
Minimum TLS version – 1.2
Access tier - Hot
5. Click "Review" to review your storage account settings.
6. Click "Create" to create your storage account.
7. Once your storage account is created, click on its name to open its Overview page.
8. Note the account name, you'll need this later.
9. From the left-hand menu, select "Access keys".
10. Note the "Key" value for Key1 or Key2, as you'll need to provide SAM One with this value
Providing SAM One with the Credentials
Once you have everything set up in your Azure environment, you need to provide us with credentials so we can access your data. There are different alternatives to accomplish this, outlined in this article <link to other article>. Our recommended methods are to either share the credentials via a password manager like 1Password, Dashlane or Bitwarden, or use encrypted emails in Outlook. Regardless of how you choose to share this information, the recipient should be credentials@sam-one.com
The information we need is:
App registration – Application (Client) Id
App registration – Client secret
Storage account – Name
Storage account – Access key (either Key1 or Key2)
Installing the PowerBI Report
After finishing the setup of your environment and providing SAM One with the necessary credentials, it’s time to install the Sam-One PowerBI report and set it up.
1. Go to the PowerBI landing page at https://app.powerbi.com.
2. In the left-hand menu, click on ‘Apps’.
3. Click on ‘Get apps’ in the top right corner.
4. Search for the SAM One report. You can use ‘sam-one’ as the search term.
5. Click on the search result.
6. Select ‘Get it now’ under the app icon.
7. Confirm your selection.
8. You will now be prompted with a screen asking you to install the app. Select ‘Install’.
9. The SAM One app will now be installed in your tenant. You can find it by navigating to ‘Apps’ again.
10. Select the SAM One app in the list. This will open the report and display a demo dataset.
11. At the top of the report, you will see a message asking you to connect to your data. Click on ‘Connect to your data’.
12. In the dialog that opens, enter the name of your storage account you set up earlier.
13. In the next step, you will be asked to enter the storage account access key.
14. Click on ‘Sign in and connect’ to finished the setup.
Sign up for our newsletter
Register your email address below to receive the latest information on SAM One.
Contact
Send us a message to:
Purchase SAM One.
Get answers to your questions.
Find out more about the benefits of SAM One.