How to set up Microsoft Power BI

Have more questions? Submit a request
πŸ€“ Who can do this? You will probably need your Microsoft Power BI tenant administrator to run these commands β€” you may not have access yourself.

Create an Azure Active Directory application

To create an Azure Active Directory (AD) application:

  1. Log in to the Azure portal: https://portal.azure.com/
  2. Open the menu and click Azure Active Directory.
  3. In the left menu, under the Manage section, click App Registrations.
  4. At the top of the page, click the New registration button.
  5. In the resulting page, enter the following information:
    • For Name enter a name for the integration. For example, AtlanPowerBIIntegration.
    • For Supported account types select Accounts in this organizational directory only (<directory> only - Single tenant).
  6. At the bottom of the page, click the Register button.

Add permissions

🚨 Careful! Only administrators can perform this action β€” this is necessary so the Atlan crawler does not need to ask user permissions every time it runs.

To add permissions for this application:

  1. In the left menu of the app registration, under the Manage section, click API permissions.
  2. Under the Configured permissions heading, click the Add a permission button.
  3. Using Cmd+F / Ctrl+F search for and click the Power BI Service tile.
  4. In the resulting page, click Delegated permissions and select the following permissions:
    • App.Read.All
    • Capacity.Read.All
    • Dashboard.Read.All
    • Dataflow.Read.All
    • Dataset.Read.All
    • Gateway.Read.All
    • Pipeline.Read.All
    • Report.Read.All
    • StorageAccount.Read.All
    • Tenant.Read.All
    • Workspace.Read.All
  5. At the bottom of the page, click the Grant Admin consent button. (If you only see the Add permissions button you are not an administrator.)

Create a client secret

To create a client secret:

  1. In the left menu of the app registration, under the Manage section, click Certificates & secrets.
  2. Under the Client secrets tab, click the New client secret button.
  3. Enter a description and set the expiration.
  4. At the bottom of the page click the Add button.
  5. For your create secret, under the Value column, click the copy icon to copy the secret value.

Retrieve the tenant and client IDs

To retrieve the tenant ID and client ID from the Azure portal:

  1. In the left menu of the app registration, at the top click Overview.
  2. Under the Essentials section, copy the Application (client) ID and the Directory (tenant) ID.

Create a security group

To create a group:

  1. Open the menu and click Azure Active Directory.
  2. In the left menu, under the Manage section, click Groups.
  3. At the top of the page, click the New group button.
  4. Set the Group type to Security.
  5. Enter a Group name and (optionally) a Group description.
  6. Under Members click the No members selected link.
  7. Search for the application registration created above and click it to select it.
  8. At the bottom of the page click the Select button.
  9. At the bottom of the page click the Create button.

Enable extra admin API settings

🚨 Careful! Only administrators can perform this action.

To enable the Microsoft Power BI admin API:

  1. Log in to the Power BI admin portal: https://app.powerbi.com/admin-portal
  2. From the menu under Admin portal click Tenant settings.
  3. Under the Developer settings heading, expand the Allow service principals to use Power BI APIs expandable and ensure this is Enabled.
    1. Under Specific security groups (Recommended) add the security group created above.
    2. At the bottom of the expanded section click the Apply button.
  4. Under the Admin API settings heading, expand the Allow service principals to use read-only Power BI admin APIs expandable and ensure this is Enabled.
    1. Under Specific security groups add the security group created above.
    2. At the bottom of the expanded section click the Apply button.
  5. Still under the Admin API settings heading, expand the Enhance admin APIs responses with detailed metadata expandable and ensure this is Enabled.
    1. Under Specific security groups add the security group created above.
    2. At the bottom of the expanded section click the Apply button.
  6. Still under the Admin API settings heading, expand the Enhance admin APIs responses with DAX and mashup expressions expandable and ensure this is Enabled.
    1. Under Specific security groups add the security group created above.
    2. At the bottom of the expanded section click the Apply button.

Add service principal as a workspace viewer

🚨 Careful! Only administrators can perform this action.

To add a service principal as a workspace viewer:

  1. Log in to the Power BI portal: https://app.powerbi.com
  2. From the menu on the left, open Workspaces and then the workspace you want to access from Atlan.
  3. Above the table, click the Access button.
  4. In the resulting panel:
    1. Inside the text box that says Enter email addresses enter the name of the security group you created above.
    2. Change the drop-down below this to Viewer.
    3. Below the drop-down, click the Add button.

Related articles

Was this article helpful?
0 out of 0 found this helpful