Connecting MS Power Apps
What are my connection options?
In order for PowerApps to access the Spectrum database we have to set up a means for the platform to gain access to the server. There are two methods you can use, Microsoft Data Gateway or IP Whitelisting. You only need one method or the other based on your specific IT needs. The Whitelisting method offers an overall faster service and does not require any additional software or hardware within your network, however it does not work with PowerBI if you are wanting that service in addition to PowerApps.
Microsoft Data Gateway Method
You will need to install the “Microsoft Data Gateway” somewhere within your network or on a hosted machine that has been whitelisted by Viewpoint. This is a very small application that essentially acts as a relay so that the Microsoft Power Platform can get access to the data on the Spectrum server without us having to whitelist any of Microsoft’s IP addresses to make it work. It can run on any existing Windows server machine as the requirements for what we will need are relatively low, however it does need to run on a server and not a workstation because if it goes offline so does the app.
The details about what the gateway is, how it works, and a link to the installer is here: https://docs.microsoft.com/en-us/power-bi/connect-data/service-gateway-onprem
This same connector also allows you to use Microsoft PowerBI with Spectrum if you were ever interested in that.
IP Whitelisting Method
Viewpoint can whitelist the ranges of IP addresses that Microsoft uses for PowerApps so any running app on their platform can access the Spectrum database without the use of any external workarounds. It does require a long set of whitelisting, but this is working successfully at many clients and does result in the apps being more responsive due to the direct access to the database.
You’ll need to open up a support ticket with Viewpoint and request that they whitelist the addresses at the end of this document.
The current list of IP addresses for your region can be found on Microsoft’s website at: Connectors outbound IP addresses | Microsoft Learn
Office 365 Tenant Configuration for Teemur Group
In Office 365 you’ll need to create an account within your tenant that the Teemur Group can log in with (i.e. teemurgroup@<your domain>.com)
You’ll want to assign that user a “PowerApps Per User” license. This is a name user license and is different than what everyone else will have as it gives us a base amount of storage and ability to have multiple apps in development while we are working through the process. It will also need to be assigned as the PowerApps admin so that we can create the environment, assign users, etc. We do not need any security beyond PowerApps admin, so please do not assign any global permissions outside of this. Please apply any MFA rules that you have for the rest of the domain to this account. Since it is the author of the Power Apps and corresponding Power Automate scripts it should be well secured.
If any of the apps will use an approval workflow or have any type of email notification features this user will need to be granted an Outlook user email account as well.
When it comes to individual users you can get the “PowerApps Per App” license. These are actually not done by user, but rather you just buy a pack of them and then they are consumed as we assign users to the app. Microsoft routinely changes its marketing around these licenses, the link below contains the most recent version.