Service Principal
Last updated
Last updated
Create your Azure App Registration: If you don't have any Azure App Registration, you must create one. You can do this in your Azure Portal in the "Azure Active Directory" menu.
Open your Azure Portal and go to your Active Directory
Click App Registration
Click New registration to create a new application
Fill in the name of the new application and create it.
Get the tenant ID and the application values: Follow these steps to get the tenant ID and the application values:
Select Azure Active Directory.
Select your application from the App registrations in Azure AD.
Copy the Directory (tenant) ID and store it in PowerBI Robots Agent. The directory (tenant) ID can also be found in the default directory overview page.
Copy the Application ID and store it in the PowerBI Robots Agent.
For more information, please visit: Microsoft website.
In the image below you can check where to paste the Tenant ID (step 3) and Application ID (step 4).
Generate your application's secret:
You can create a new application secret by following these steps:
Select Azure Active Directory.
From App registrations in Azure AD, select your application.
Select Certificates & secrets.
Select Client secrets -> New client secret.
Provide a description of the secret and a duration. When you’re done, click Add.
After saving the client’s secret, its value will be displayed. Copy and paste this value in PowerBI Robots Agent because you won't be able to retrieve the key later. The key value is used alongside the application ID to sign in Azure Storage.
In the image below you can check where to paste the Client Secret (step 6).
Create an Azure Group for PowerBI Robots:
You need to create an Azure Group and add your Azure App to it to add a specific security group in Power BI that can access your Power BI workspaces. Log in your Azure Portal, go to Azure Directory, select "Groups", and create a new one. Make sure you add your Azure App as a group member.
Add PowerBI Robots to a specific security group in Power BI Online
In this step, you will add your Azure App to a specific security group in the Power BI tenant settings. Without API permissions, PowerBI Robots (authenticated with your credentials) won’t be able to access your Power BI workspaces.
Go to Power BI Online, open "Settings" and select "Admin Portal".
On Tenant Settings, go to Developer Settings and toggle the Enabled slider under “Allow service principals to use Power BI APIs”. Next, apply it to a "specific security group”, and add the previously created Azure Group.
After clicking apply, the following message should appear. Keep in mind that this process often took as much as 1 hour to complete during testing.
Give Workspace permissions to PowerBI Robots:
To share your reports, the Azure Group you created needs access to all the workspaces that it’s a part of. You should repeat the process in this step for each workspace with reports you want to share.
In Power BI Online, go to “My workspaces”, click the dots next to one of your workspaces and select "Workspace access" from the dropdown menu.
Under "Add admins, members, or contributors" select your Azure Group, choose the "Admin" role, click "Add" and close the window. Also, search by the created App Registration and add it as an admin as well.
