The following guide describes the process of configuring a Service Principal. The steps listed in this article may require elevated privilege's in your Power BI environment.
Steps:
1. Log into the Azure portal (https://portal.azure.com/)
2. Open app registrations
3. Create a new registration
4. Enter a name for the new app registration. We recommend using "QuerySurge Integration" as its easy to identify the purpose of the entry.
Note: Supported Account Types limits what accounts can access the API. We recommend using "Accounts in this organizational directory only" which is the most restrictive. For more information on supported account types click "Help me choose..." on the Azure page.
5. Click register
6. On your new app registration, make note of the values for "Application (client) ID" and "Directory (tenant) ID". These values will be utilized in QuerySurge to setup your connection.
7. Select "Certificates and secrets"
10. Generate a new client secret
11.Enter a description for the secret and an expiration time. Once completed, click Add
Note: If expiration time is utilized, you will need to regenerate your secret upon expiration or the QuerySurge integration will not work.
12. Copy the value field. This is your client secret and will be utilized in QuerySurge to setup your connection.
Note: Client secrets are only displayed on creation. Once you navigate off this screen you will be unable to extract this secret again. If lost, a new secret will need to be generated.
13. Log into Power BI
14. Expand Workspaces
15. Locate the workspace which contains the reports which you would like to test with QuerySurge. Click the vertical 3 dots and select "Workspace access"
16. Search for the app registration created earlier and add the app as a member for the workspace.
Note: Permissions may take some time to populate.
17. Open the Power BI Admin portal
18. Select Tenant Settings and enable "Allow service principals to use Power BI APIs" and click Apply
Note: For enhanced security, you can limit access to specific security groups. We recommend working with your Azure administrator to configure this item. If set, you will need to ensure that your newly created application registration is added to the security group utilized. Information on how to add a application registration to a security group can be found at https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal#create-a-security-group-using-powershell
19. Enable "Embed content in apps" and click Apply
Comments
0 comments
Please sign in to leave a comment.