Configure Service Principal Auth for Microsoft Power BI
A Service Principal is an Azure application that is a member of a security group and acts on its behalf. It allows for automated tasks and resource access in Power BI without requiring user credentials.
- Service Principal supports retrieving the following object types and creating lineage for them: WORKSPACE, DASHBOARD, TILE, REPORT (including RDLREPORT), DATASET (Semantic model).
- Images can be collceted for External Reports, but iframe embedding is not supported.
Table of contents:
2. Enter App Info
- Enter a descriptive App Name
- Supported account types: "Accounts in this organizational directory only (<directory name> only - Single tenant)"
- [Register]
3. Add Client Secret
Access Manage > Certificates & Secrets
- [+ New client secret]
- Description: Enter a name for the Client Secret
- [Add]
- Copy and save the Client Secret Value
4. Create Security Group
Access Microsoft Azure Portal
- Access Groups
- [New group]
- Group type: Security
- Enter a descriptive Group name
- Membership type: Assigned
- [Create]
5. Add Azure App to Security Group
- Access the previously created Security Group
- Access Manage > Members
- Enter the name of the created Azure app in search
- [Select]
6. Grant Permissions and Workspace Access for Azure Security Group in Power BI
Access Microsoft Power BI server > Settings > Admin Portal
6.1. Allow Service Principals to Use Read-Only Power BI Admin APIs
- Access Tenant settings
- Select Service principals can access read-only admin APIs
- [Enable]
-
Apply to: Specific security groups
- Select the previously created Azure security group
- [Apply]
6.2. Allow Service Principals to use Fabric APIs
- Select Service principals can use Fabric APIs
- [Enable]
-
Apply to: The entire organization
- Alternatively, select 'Apply to: Specific security groups' and grant access to the previously created Azure security group
- [Apply]
6.3. Add Security Group to Workspace
Access a Microsoft Power BI Workspace
NOTE: Adding security group to a Workspace may take up to 1 hour to apply.
- [Manage access]
- [+ Add people or groups]
- Select the previously created Azure security group
- Leave the default value 'Viewer'
- [Add]
Once Service Principal has been configured, proceed to create a Microsoft Power BI Cloud Data Source.