Prerequisites

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

This section helps you prepare to configure the Microsoft Fabric OCF connector in Alation, including verifying your Fabric environment, registering an Azure AD application, creating a service principal, and configuring the required permissions.

Before you begin, ensure you have the following:

• Verify Microsoft Fabric is Enabled

• Register an Azure AD Application

• Grant API Permissions

• Enable Fabric Tenant Settings

• Grant Workspace Access

• Lineage Prerequisites

Verify Microsoft Fabric is Enabled

Before requesting the Microsoft Fabric connector installation, verify that your Microsoft Fabric environment meets the following requirements. A Fabric administrator is required to perform these checks.

1. Verify Fabric is enabled on your tenant

   1. Sign in to the Microsoft Fabric portal as a Fabric administrator.

   2. Navigate to Admin Portal > Tenant Settings > Microsoft Fabric.

   3. Confirm that the Users can create Fabric items setting is enabled.

   For more information, see Enable Microsoft Fabric for your organization.

2. Verify Service principals can call Fabric APIs

   1. In the Admin Portal, navigate to Tenant Settings > Developer settings.

   2. Confirm that the Service principals can call Fabric public APIs setting is enabled.

   3. Confirm that the security group containing your service principal is included in the allowed list (or the setting is enabled for the entire organization).

   For more information, see Developer admin settings.

3. Verify you have a Fabric capacity

   1. In the Admin Portal, navigate to Capacity settings.

   2. Confirm you have at least one active Fabric capacity (F2 or higher, or Power BI Premium P1+ with Fabric enabled).

4. Verify workspaces with Fabric items exist

   1. Confirm you have at least one workspace containing Lakehouse or Warehouse items.

   2. Confirm the SQL Analytics Endpoint is provisioned (status: Success) for the items you want to catalog.

Note

If any of the above checks fail, work with your Microsoft 365 or Fabric administrator to enable the required settings before proceeding with the connector installation request.

Register an Azure AD Application

Register an application in Azure Active Directory (Azure AD) to create a service principal for the connector. For more information, see Register an application with the Microsoft identity platform in the Microsoft documentation.

1. Sign in to the Azure portal.

2. Navigate to Azure Active Directory > App registrations > New registration.

3. Enter a name for the application (for example, Alation Fabric Connector).

4. Select Accounts in this organizational directory only for the supported account type.

5. Click Register.

6. After registration, note the following values from the Overview page:

   • Application (client) ID — you will use this as the Client ID in Alation.

   • Directory (tenant) ID — you will use this as the Tenant ID in Alation.

7. Navigate to Certificates & secrets > New client secret.

8. Add a description and select an expiration period. Click Add.

9. Copy the Value of the client secret immediately — it will not be shown again. You will use this as the Client Secret in Alation.

Grant API Permissions

Grant the Fabric.Read.All API permission to the service principal.

1. In the Azure portal, navigate to Azure Active Directory > App registrations > select your application.

2. Go to API permissions > Add a permission.

3. Select APIs my organization uses and search for Microsoft Fabric (or Power BI Service).

4. Select Application permissions.

5. Check Fabric.Read.All and click Add permissions.

6. Click Grant admin consent to activate the permission.

Important

Admin consent is required for the Fabric.Read.All permission to take effect. Without admin consent, the connector will fail to authenticate.

Enable Fabric Tenant Settings

Enable the tenant setting that allows service principals to use Fabric APIs. For more information, see Enable service principal authentication in the Microsoft Fabric documentation.

1. Sign in to the Microsoft Fabric portal as a Fabric administrator.

2. Navigate to Admin Portal > Tenant Settings > Developer settings.

3. Find the setting Service principals can use Fabric APIs.

4. Enable the setting.

5. Under Apply to, select the security group that contains the service principal, or select The entire organization.

Important

If the service principal is not in the specified security group, the connector will receive a 403 Forbidden error when calling the Fabric REST API. Ensure the service principal is added to the correct security group.

Grant Workspace Access

The service principal must have access to the Fabric workspaces you want to catalog.

1. In the Microsoft Fabric portal, navigate to the workspace you want to catalog.

2. Click the Manage access icon (or go to Workspace settings > Access).

3. Add the service principal (by its application name or client ID) as a Member or Admin. The minimum required role is Member — the Viewer role is not sufficient.

4. Repeat for each workspace you want to extract metadata from.

Note

The connector can only discover workspaces that the service principal has access to. Workspaces without access will not appear during metadata extraction.

Lineage Prerequisites

To view lineage between Fabric Lakehouse or Warehouse objects and Power BI semantic models or reports, ensure that:

• The Power BI Scanner OCF Connector version 2.13.0 or higher is installed in Alation.

• The Power BI data source is cataloged in Alation.