Implementing a Power BI connector involves multiple steps. Here’s a detailed guide that includes all the prerequisites and the step-by-step implementation process:
### Prerequisites Checklist for Power BI and Azure AD Integration-SAAS
Before starting the implementation, ensure you have the following:
Item | Details |
1. Power BI Account | Ensure you have a Power BI Pro or Premium Per User (PPU) license. |
2. Multi-Factor Authentication (MFA) | Disable MFA for users interacting with Power BI services. |
3. Azure App Registration | - Register an Azure AD application. - Configure API permissions specific to Power BI services, including permissions for accessing datasets and reports. |
4. Client ID | Obtain the Client ID (Application ID) of the registered Azure AD application for authentication and API access. |
5. Group ID for Power BI Reports | Identify the Group ID (workspace ID) of the Power BI reports you want to access. |
6. Permissions Verification | Confirm that the Azure AD application has the required permissions to access the Power BI reports, specifically read access to the necessary datasets and reports. |
This checklist should help streamline the setup process for integrating Power BI with Azure AD applications effectively.
Implementing Power BI on a SaaS environment offers a practical solution for users with Pro and Premium Per User (PPU) licenses, helping them maximize value while avoiding the need for license upgrades. Here's a breakdown:
Key Benefits:
Pro & PPU License Compatibility: Works smoothly with Power BI Pro and PPU licenses, enabling access to most reporting functionalities.
Comprehensive Support: Supports a range of Power BI features, including:
Reports
Paginated Reports
Dashboards
Resource Efficiency: Optimized resource usage reduces overhead, making the solution cost-effective.
Limitations:
Report and Dataset Management:
Report Modifications: When modifications are made to reports tied to a dataset (semantic model), a dataset refresh is required to capture updates. If the refresh history is unavailable, it may indicate connectivity issues with the model.
Dashboard Restrictions:
Single Tile/Report per Dashboard: This limits customization, as users can only include one report or tile per dashboard.
Screenshot and Feed Management:
Screenshot Delay: Capturing report screenshots may experience delays.
First-Time Feed Creation: The Feed Manager will display a default Navori logo when setting up a new feed for the first time.
The Screenshot of the paginated report may differ slightly from the actual web layout displayed on the website.
My Workspace:
Reports stored in My Workspace are not supported.
Recommendation: Use shared workspaces to ensure compatibility.
Auto-Refresh:
Default 15-Minute Refresh: Feeds refresh automatically every 15 minutes by default, though this interval can be adjusted.
File Size Limitations:
Larger files may generate errors, with a message indicating the file size is too large for snapshot generation.
Microsoft-Specific Limitations:
Paginated Reports:
Pro licenses do not support paginated reports without fabric capacity.
PPU licenses are restricted to one API call every 5 minutes without fabric capacity.
Embed Token Limitations:
Pro and PPU licenses limit the generation of embed tokens, whereas unlimited tokens are only available with capacity-based licensing.
Frequent Request Errors:
Microsoft may throw errors if too many requests with the same parameters are made in a short period.
Browserless.io Limitations:
API Rate Limits:
Depending on your plan, there are restrictions on the number of API requests per day/month.
Recommendation: Review plan limits and adjust usage patterns or upgrade the plan if necessary.
Concurrent Sessions:
Limited concurrent browser sessions can lead to bottlenecks, especially if multiple users are accessing reports simultaneously.
Recommendation: Manage session load and consider session scaling solutions or higher plans to accommodate more users.
Azure App Registration Implementation Steps
Once you have gathered the above prerequisites, proceed with the implementation steps:
Step 1A: Login into Azure portal with Azure Application administrator rights.
Navigate to https://portal.azure.com and search for App registrations
Register a New Application:
Click on New Registration to start registering a new application
Fill Out the Application Registration Form:
Name: Enter a name for your application.
Supported account types: Choose the appropriate option based on your needs (e.g., Accounts in this organizational directory only).
Redirect URI (optional): Depending on your application type, you may need to specify a redirect URI. This can be updated later.
Register the Application:
Click on Register to complete the registration process.
After clicking on register it will create an application and show you the below window.
Enable Authentication:
By default, authentication may be set to "No" (Off). Click on "Yes" (On) to enable authentication for your application.
Here you need to configure the permissions below, be careful at these steps. Click on +add a permission in the right side window Request API permissions click on APIs my organization users search Power BI services and click on Power Bi service.
Configure API Permissions:
Once in the application's overview, click on "API permissions" in the left-hand menu.
Add Permissions:
Click on "+Add a permission" at the top of the API permissions pane.
Request API Permissions:
In the "Request API permissions" pane, click on "APIs my organization uses".
Search for Power BI Service:
In the search box, type "Power BI" and select "Power BI Service" from the results
Select Permissions:
Choose the Delegate permissions
Select and add the below permissions
Below are the API permissions which is required for the Power BI application. please all the below listed applications.
Once you select the listed API permissions, now you need to click on Grant admin consent.
At this stage, Implementation is done with required API permissions.
Now Click on Overview in the left side pane on top and copy the Application (client) ID.
Now login to the Power BI portal create a new workplace and share with MFA disable account.
Prerequisites
Admin access to the Power BI workspace.
Email addresses of the users you want to share the workspace with should also have A premium capacity licence required for users (same for those who have MFA disabled) who interact with power services.
Steps to Share a Power BI Workspace
Sign in to Power BI:
Go to Power BI. https://app.powerbi.com/
Sign in with your Power BI account.
Navigate to Workspaces:
In the left-hand navigation pane, select Workspaces.
Create a new workspace you want to share with the same user who has MFA disabled.
Access Workspace Settings:
Click on the workspace name to open it.
Select the Settings gear icon in the upper right corner or select Workspace settings from the More options (three dots) menu.
Add Members to the Workspace:
In the Settings pane, select the Members tab.
Click on Add members.
Enter the email addresses MFA disable email account to add as a role Admin
Click Add.
Now it's time to create a new power BI report in a newly created and shared workspace. Open the report and copy the URL from the browser tab.
Now login to the Qlmanager https://saas.navori.com/
create a new template and open datafeeedmanager
Click on + new feed and select type Power BI in the dropdown
And put the required fields accordingly.
Enter Data Source Details:
In the data source connection window, enter the following details:
Type: Power BI
Name: Any name you prefer for the BI template.
Login: Use the email ID of the user with MFA disabled.
Password: Enter the password for the MFA-disabled user account.
Client ID: Use the Client ID from the Azure application you created.
Report URL: Enter the Report URL from the shared workspace.
Troubleshooting steps for Power BI connector.
When troubleshooting issues with a Power BI connector, follow these steps:
1. Verify Basic Information
Data Source Type: Ensure you have selected the correct data source type in Power BI.
Name, Login, Password: Double-check the credentials you are using. Make sure the MFA-disabled email ID and password are correct.
Client ID: Ensure the Client ID matches the one provided for your Azure application.
Report URL: Confirm that the Report URL is correct and accessible.
2. Check Network Connectivity
Ensure your internet connection is stable.
Verify that there are no firewall or proxy settings blocking Power BI from accessing the data source.
3. Validate Azure Application Configuration
Client ID : Confirm that the Client ID in your Azure application registration match what you have entered in Power BI.
API Permissions: Ensure the Azure application has the required API permissions to access the data.
4. Authentication Issues
Ensure that the user account is MFA-disabled if required.
Check if there are any account lockouts or password expiration issues.
5. Data Source Accessibility
Ensure that the data source is up and running.
Verify that the user account has the necessary permissions to access the data source.
