π€ Who can do this? You will probably need your Microsoft Power BI tenant administrator to run these commands β you may not have access yourself.
Create an Azure Active Directory application
To create an Azure Active Directory (AD) application:
- Log in to the Azure portal: https://portal.azure.com/
- Open the menu and click Azure Active Directory.
- In the left menu, under the Manage section, click App Registrations.
- At the top of the page, click the New registration button.
- In the resulting page, enter the following information:
- For Name enter a name for the integration. For example,
AtlanPowerBIIntegration
. - For Supported account types select Accounts in this organizational directory only (<directory> only - Single tenant).
- For Name enter a name for the integration. For example,
- At the bottom of the page, click the Register button.
Add permissions
π¨ Careful! Only administrators can perform this action β this is necessary so the Atlan crawler does not need to ask user permissions every time it runs.
To add permissions for this application:
- In the left menu of the app registration, under the Manage section, click API permissions.
- Under the Configured permissions heading, click the Add a permission button.
- Using Cmd+F / Ctrl+F search for and click the Power BI Service tile.
- In the resulting page, click Delegated permissions and select the following permissions:
App.Read.All
Capacity.Read.All
Dashboard.Read.All
Dataflow.Read.All
Dataset.Read.All
Gateway.Read.All
Pipeline.Read.All
Report.Read.All
StorageAccount.Read.All
Tenant.Read.All
Workspace.Read.All
- At the bottom of the page, click the Grant Admin consent button. (If you only see the Add permissions button you are not an administrator.)
Create a client secret
To create a client secret:
- In the left menu of the app registration, under the Manage section, click Certificates & secrets.
- Under the Client secrets tab, click the New client secret button.
- Enter a description and set the expiration.
- At the bottom of the page click the Add button.
- For your create secret, under the Value column, click the copy icon to copy the secret value.
Retrieve the tenant and client IDs
To retrieve the tenant ID and client ID from the Azure portal:
- In the left menu of the app registration, at the top click Overview.
- Under the Essentials section, copy the Application (client) ID and the Directory (tenant) ID.
Create a security group
To create a group:
- Open the menu and click Azure Active Directory.
- In the left menu, under the Manage section, click Groups.
- At the top of the page, click the New group button.
- Set the Group type to Security.
- Enter a Group name and (optionally) a Group description.
- Under Members click the No members selected link.
- Search for the application registration created above and click it to select it.
- At the bottom of the page click the Select button.
- At the bottom of the page click the Create button.
Enable extra admin API settings
π¨ Careful! Only administrators can perform this action.
To enable the Microsoft Power BI admin API:
- Log in to the Power BI admin portal: https://app.powerbi.com/admin-portal
- From the menu under Admin portal click Tenant settings.
- Under the Developer settings heading, expand the Allow service principals to use Power BI APIs expandable and ensure this is Enabled.
- Under Specific security groups (Recommended) add the security group created above.
- At the bottom of the expanded section click the Apply button.
- Under the Admin API settings heading, expand the Allow service principals to use read-only Power BI admin APIs expandable and ensure this is Enabled.
- Under Specific security groups add the security group created above.
- At the bottom of the expanded section click the Apply button.
- Still under the Admin API settings heading, expand the Enhance admin APIs responses with detailed metadata expandable and ensure this is Enabled.
- Under Specific security groups add the security group created above.
- At the bottom of the expanded section click the Apply button.
- Still under the Admin API settings heading, expand the Enhance admin APIs responses with DAX and mashup expressions expandable and ensure this is Enabled.
- Under Specific security groups add the security group created above.
- At the bottom of the expanded section click the Apply button.
Add service principal as a workspace viewer
π¨ Careful! Only administrators can perform this action.
To add a service principal as a workspace viewer:
- Log in to the Power BI portal: https://app.powerbi.com
- From the menu on the left, open Workspaces and then the workspace you want to access from Atlan.
- Above the table, click the Access button.
- In the resulting panel:
- Inside the text box that says Enter email addresses enter the name of the security group you created above.
- Change the drop-down below this to Viewer.
- Below the drop-down, click the Add button.