/
Rights and Authorizations - Microsoft Power BI

Rights and Authorizations - Microsoft Power BI

Tenant ID

Go to Microsoft Azure and choose Microsoft Entra ID > Overview

image-20241204-150253.png

Step by step guide

Azure Portal

App registration

  1. Access “Microsoft Entra ID” in Azure Portal

    image-20250623-125324.png

  2. Add a new “App registration”

    image-20250623-125423.png

  3. Name it e.g. “Metadata API - Power BI”, set it to “Accounts in any organizational directory (Any Microsoft Entra ID tentant - Multitenant)” and register

    image-20250623-125600.png

  4. On the next page the Application (client) ID is what is needed for as Client ID in the Power BI connection in Metadata API.

    image-20250623-125908.png

  5. Create Secret

    1. Go to “Certificates & secrets”

    2. Choose “Client secrets”

    3. Select “New client secret”

    4. Enter a Description (e.g. “Metadata API - Power BI Secret”)

    5. Enter Expires value (e.g. 24 months)

    6. Click “Add”

      image-20250623-130405.png

  6. Copy Value of the next page as Client Secret

    image-20250623-130320.png

  7. Assign User.Read Permission of Microsoft Graph by going to API permissions and pressing “Grant admin consent for <your company>”

    image-20250623-130558.png

Create Group in Entra ID

  1. Go to Microsoft Entra ID

    image-20241204-160520.png

  2. Go to groups

    image-20241204-160756.png

  3. Add a new group

    image-20241204-160831.png

  4. Insert a group name (e.g. “Metadata API - Power BI Group”)

    image-20250623-130935.png

  5. Go to All groups

    image-20241204-160958.png

  6. Search the group and select it

    image-20250623-131024.png

  7. Select Members

    image-20250623-131054.png

  8. Select Add members

    image-20250623-131131.png

  9. Select the App you created above in step 3 (e.g. Metadata API - Power BI)

    image-20250623-131235.png

Power BI

  1. Open the Power BI Admin Settings Power BI

  2. Find the category Admin API settings and maintain it

    1. Enable the “Service principals can access read-only admin APIs”

    2. Insert the created security group

    3. Apply it

      image-20250623-131811.png

Configuration in appsettings.json of Metadata API

image-20250623-140227.png

 

© 2024 bluetelligence GmbH. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of bluetelligence GmbH. The information contained herein may be changed without prior notice. bluetelligence and Performer Suite and their respective logos are trademarks or registered trademarks of bluetelligence GmbH. SAP, ABAP, BAPI, SAP NetWeaver, SAP BI, SAP BW, SAC, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany or an SAP affiliate company. All other product and service names mentioned are the trademarks of their respective companies.
Impressum – Legal Notice: https://bluetelligence.de/en/imprint
Privacy policy: https://bluetelligence.atlassian.net/wiki/spaces/DMA/pages/4188635149/Privacy+Policy
Atlassian privacy policy: https://www.atlassian.com/legal/privacy-policy