Configure Microsoft Power BI OAuth in Azure AD
This article describes how to configure OAuth for your Microsoft Power BI application in Azure AD.
Enabling OAuth has the following benefits compared with the Username/Password authentication model:
- Ability to view content in iframes based on user account permissions rather than service account permissions
- Available row-level security (RLS) without the need to use User Maps on MI side (you only have to enable RLS in Power BI)
Video Tutorial
Create an App for Use in Azure AD
2. Enter App Info
- Enter the App's Name
- Supported account types: "Accounts in this organizational directory only (<directory name> only - Single tenant)"
-
Redirect URI: add
https://<MI hostname>.com/editor/service/validatepowerbioauth
- [Register]
The App menu is opened.
3. Add Office 365 Permissions
- Access API Permissions tab
- [+ Add a permission]
- [Office 365 Management APIs]
- [Delegated permissions]
- Enable the following permissions:
-
Activity Feed:
- ActivityFeed.Read
- ActivityFeed.ReadDlp
-
ServiceHealth:
- ServiceHealth.Read
-
Activity Feed:
- [Add permissions]
4. Add Power BI Service Permissions
- Access API Permissions tab
- [+ Add a permission]
- [Power BI Service]
- [Delegated permissions]
- Enable the following permissions:
-
App:
- App.Read.All
-
Dashboard:
- Dashboard.Read.All
-
Dataset:
- Dataset.Read.All
-
Report:
- Report.Read.All
-
Tenant:
- Tenant.Read.All
-
Workspace:
- Workspace.Read.All
-
App:
- [Add permissions]
6. Add a Client Secret
Optionally, you can enable Client Secret.
After the Client Secret has been generated, the Username/Password authorization will no longer work.
- Access Certificates & Secrets tab
- [+ New Client Secret]
- [Add]
- Copy and save Client Secret Value
Configure Power BI OAuth in Metric Insights
1. Create New Power BI Data Source:
Create new Data Source under Admin > Collection & Storage > Data Sources > [+ New Data Source] > Microsoft Power BI Cloud:
For more details on creating a Microsoft Power BI Data Source, see Establish Connectivity to Microsoft Power BI.
2. Configure Report Type: Access Admin > Plugins > External Report Types
The list page containing all External Report Types available in the system opens.
Below the grid, click [+ New Data Source].
- Image Source Plugin: Microsoft Power BI Cloud
- Drill-Down Authentications: "Power BI OAuth"
- Enable Auto generate URL
- [Save]
3. Configure External Report Using New Report Type: [+ New] > External Report > Microsoft Power BI OAuth
Provide all the required External Report information. On the Configuration tab:
- Report Image: "On Demand: only when needed for distribution"
- Image type: "Collect with user's credentials (1 image per user, per view)"
For more details on creating Microsoft Power BI External Reports, see Create an External Report from Power BI.