Azure settings for Power BI connection
General credentials
To provide a connection to Power BI admin should use Azure app credentials depending on the type of access
| Credentials | Description |
|---|---|
| Client ID (= Application ID) | go to the User profile page -> go to the Application tab -> go to the Assignment Detail page of the app "PowerBI connection" OR go to the Azure Active Directory -> go to the App registration -> go to the “PowerBI connection" app |
| Client Secret | go to the Azure Active Directory -> go to the App registration -> go to the "PowerBI connection" page -> go to the Certificates & secrets tab -> create new secret |
| Tenant ID | go to the Azure Active Directory page |
| Username | user email in the Azure account |
| Password | user password for the Azure account |
Azure application settings for the Standard access
Azure-user should have:
- at minimum, the PowerBI Pro paid licence
- assigned roles to the PowerBI administrator and the Power platform administrator
- created a Security group for Principal access
- created enterprise application for standard access to the API with granted permissions:
| API | Permission name |
|---|---|
| Microsoft Graph | User.Read |
| Power BI Service | App.Read.All |
| Capacity.Read.All | |
| Dashboard.Read.All | |
| Dataflow.Read.All | |
| Dataset.Read.All | |
| Report.Read.All | |
| StorageAccount.Read.All | |
| Tenant.Read.All | |
| UserState.ReadWrite.All | |
| Workspace.Read.All |
Azure application settings for the Principal access
- created enterprise application for principal access to the API with granted permissions:
| API | Permission name |
|---|---|
| Microsoft Graph | User. Read |
| OpenID |
- to grant access to the principle application user should configure Power BI settings using the Security group - Enable service principal
Azure application settings for SSO
- create an application in the Azure Cloud AD
- go to the Enterprise applications tab → your application page
- enable "Enabled for users to sign-in?" in Properties
- go to the App registration tab → Grant permissions for your application:
| API | Permission name |
|---|---|
| Microsoft Graph | Group.Read.All |
| GroupMember.Read.All | |
| User.Read | |
| User.Read.All |
- add redirect URI - https://{domain}/auth/azure/auth
Exceptions
- we don't export the reports designed as a large model. Power BI requires the generation 2 capacity setting for the large model export