{"id":783,"date":"2020-12-21T13:14:46","date_gmt":"2020-12-21T11:14:46","guid":{"rendered":"https:\/\/www.flip-design.de\/?p=783"},"modified":"2020-12-21T13:21:31","modified_gmt":"2020-12-21T11:21:31","slug":"power-bi-service-principals","status":"publish","type":"post","link":"https:\/\/www.flip-design.de\/?p=783","title":{"rendered":"Power BI Service Principals"},"content":{"rendered":"\n

With the Power BI Embedded OnBoarding Too<\/a>l you can easily embed applications. But the standard mode uses an users with a password. This users requires a Power BI Pro license and normally this users stands under some organizational standards, such as the password must be change after X days. But the biggest issue are, that the password is unencrypted at the web.config file.
These issues can be resolved by using a \u201cservice principal\u201d account. Microsoft has documented the way at this page:https:\/\/docs.microsoft.com\/en-us\/power-bi\/developer\/embedded\/embed-service-principal<\/a>

But here are some missing hints to get the principal work, such as the API permissions. This Blog Post will show you step by step how you can configure a account and setup a demo application.<\/p>\n\n\n\n

First you must enable at the Admin Portal of your Power BI tenant the use of the \u201cservice principals\u201d. (in a productive scenario you should use groups, not the entire organization)<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

To configure our embedded application we need our workspace and report id. (needed to configure the config file)<\/p>\n\n\n\n

\"\"
1 = workspace id
2 = report id<\/figcaption><\/figure>\n\n\n\n

Next we must create at the Azure tenant an \u201cApp registration<\/a>\u201d:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Then we must create the client secret<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"
Important<\/strong>: After you left this page, you cannot get the secret again!<\/figcaption><\/figure>\n\n\n\n

Now we must give the service principal API permissions for Power BI<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"
Cgeck that you only grant the required permissions!<\/strong><\/figcaption><\/figure>\n\n\n\n
\"\"
you must grant the permissions to your tenant!<\/strong><\/figcaption><\/figure>\n\n\n\n

After that, you must give the app registration user adin access to the workspace:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Now you must setup the web.config:<\/p>\n\n\n\n

  1. Setup the Authentication Type to \u201cService Principal\u201d<\/li>
  2. Set the application Id, you will get it from the overview page of the created service principal<\/li>
  3. Setup the workspace and report id (step 3 and 4)<\/li>
  4. Paste here the secret<\/li>
  5. Setup your tenant id, you will also get the id from the overview page of the service principal<\/li><\/ol>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

    Finally we can run our app by using the principal<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    That’s it! Enjoy!<\/p>\n","protected":false},"excerpt":{"rendered":"

    With the Power BI Embedded OnBoarding Tool you can easily embed applications. But the standard mode uses an users with a password. This users requires a Power BI Pro license and normally this users stands under some organizational standards, such … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/posts\/783"}],"collection":[{"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=783"}],"version-history":[{"count":10,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/posts\/783\/revisions"}],"predecessor-version":[{"id":809,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/posts\/783\/revisions\/809"}],"wp:attachment":[{"href":"https:\/\/www.flip-design.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}