Power BI with Service Principal

For companies with strict information security protocols, integrating Power BI through a service principal with app registration is a more favorable approach than using individual user accounts. This method addresses several challenges that often arise in user-based integrations.

For instance, when an employee’s role or permissions change, another user must re-authenticate, leading to potential disruptions. Similarly, with individual accounts, authentication tokens usually expire after a short period, forcing re-authorization and token refreshes every few months, which can be inconvenient.

By adopting a service principal, the authentication tokens are linked to a registered application rather than a user, extending their validity and reducing the frequency of re-authorization. Yodeck fully supports this approach for seamless Power BI integration.

Premium App

Step 1 – Create a Microsoft Entra app in the Azure portal

• Sign in to the Azure portal.
• Search for and select App registrations.

• Select New registration.

• Please fill out the Name for your application and leave the other information as is. You can change these options at any time.

• Select Register.
• After you register your app, the Application ID and Tenant ID are available from the Overview tab. Copy and save them for later use.

• Select Certificates & secrets.

• Select New client secret.

• In the Add a client secret window, enter a description, specify when you want the client secret to expire, and select Add

Copy and save the client’s secret value.

Step 2 – Enable the Power BI service admin settings

For a Microsoft Entra app to access the Power BI content and APIs, a Power BI admin needs to enable the following settings:

• Embed content in apps
• Allow service principals to use Power BI APIs

In the Power BI Admin portal, go to Tenant settings and scroll down to Developer settings.

• Enable Embed content in apps for (*) the entire organization.

• Enable Allow service principals to use Power BI APIs for (*) the entire organization.

Step 3 – Add the service principal to your workspace

• In the Power BI service, scroll to the workspace you want to enable access to. From its More menu, select Workspace access.

• In the Access pane, click the “Add people or groups” button.

• You can add one of the following:
  • (We use this in our example) Your service principal. The name of your service principal is the Display name of your Microsoft Entra app, as it appears in your Microsoft Entra app’s overview tab.
  • The security group includes your service principal.

• On the drop-down menu, select Member and then click Add.

• Your Access Pane should look like this:

Step 4 – Set up a Power BI with Service Principal in Yodeck

• Search for the Power BI app in the apps gallery.

• Select Use App

• Select the log-in option “Authenticate with Service Principal“.

• Fill out all the required fields:
  • Name – A desired name for your Power Bi app.

• Login – Click the Service Principal login button and enter your app’s credentials.

• URL – Enter the report/dashboard URL for which the service principal has access to.

• (Optional) Hit Preview to check your Power BI app.
• Hit Save.

Your Power Bi app with Service Principal authentication is now ready for use!

FAQ

Why do I see Checking permissions... instead of a report tile in my dashboard?

That happens when you try to view a dashboard containing a report, and the service principal lacks permissions for the report’s semantic model. To solve this, you can manage the report’s permissions and grant the service principal access to its semantic model.

Need Help?

The Yodeck Support Team can help you out! Log in to your Yodeck account and Send us a message from the bottom right corner!