Implementing a Power BI connector involves multiple steps. Here’s a detailed guide that includes all the prerequisites and the step-by-step implementation process:
### Prerequisites Checklist for Power BI and Azure AD Integration-Onprem (Fabric Capacities & PPU licences)
Before starting the implementation, ensure you have the following:
Item | Details |
1. Power BI Account with Pro and Capacities Enabled | Ensure you have a Power BI Pro account or higher. This is necessary to access, create, and share reports effectively. |
2. Azure App and Its API Permissions | Register an Azure AD application. Configure its API permissions specifically for Power BI, allowing it to access datasets and reports. |
3. MFA Disabled Email of AD | Ensure there is an email account in Azure AD with Multi-Factor Authentication (MFA) disabled for seamless authentication. |
4. Client ID (Azure App ID) | Obtain the Client ID (Application ID) of the registered Azure AD application. This ID will be used for authentication and API access. |
5. Group ID from Power BI Reports | Identify the Group ID (workspace ID) of the Power BI reports or workspace you want to display. This ID is essential for accessing the reports. |
6. Permission to Access the Reports | Verify that the Azure AD application has the necessary permissions to access the Power BI reports, including read permissions for the relevant datasets. |
This checklist should help streamline the setup process for integrating Power BI with Azure AD applications effectively.
Limitations:
Report and Dataset Management:
Report Modifications: When modifications are made to reports tied to a dataset (semantic model), a dataset refresh is required to capture updates. If the refresh history is unavailable, it may indicate connectivity issues with the model.
Dashboard Restrictions:
Single Tile/Report per Dashboard: This limits customization, as users can only include one report or tile per dashboard.
Screenshot and Feed Management:
Screenshot Delay: Capturing report screenshots may experience delays.
First-Time Feed Creation: The Feed Manager will display a default Navori logo when setting up a new feed for the first time.
My Workspace:
Reports stored in My Workspace are not supported.
Recommendation: Use shared workspaces to ensure compatibility.
Auto-Refresh:
Default 15-Minute Refresh: Feeds refresh automatically every 15 minutes by default, though this interval can be adjusted.
File Size Limitations:
Larger files may generate errors, with a message indicating the file size is too large for snapshot generation.
Microsoft-Specific Limitations:
Paginated Reports:
Pro licenses do not support paginated reports without fabric capacity.
PPU licenses are restricted to one API call every 5 minutes without fabric capacity.
Embed Token Limitations:
Pro and PPU licenses limit the generation of embed tokens, whereas unlimited tokens are only available with capacity-based licensing.
Frequent Request Errors:
Microsoft may throw errors if too many requests with the same parameters are made in a short period.
Azure App Registration Implementation Steps
Once you have gathered the above prerequisites, proceed with the implementation steps:
Step 1A: Login into Azure portal with Azure Application administrator rights.
Navigate to https://portal.azure.com and search for App registrations
Register a New Application:
Click on New Registration to start registering a new application
Fill Out the Application Registration Form:
Name: Enter a name for your application.
Supported account types: Choose the appropriate option based on your needs (e.g., Accounts in this organizational directory only).
Redirect URI (optional): Depending on your application type, you may need to specify a redirect URI. This can be updated later.
Register the Application:
Click on Register to complete the registration process.
After clicking on register it will create an application and show you the below window.
Enable Authentication:
By default, authentication may be set to "No" (Off). Click on "Yes" (On) to enable authentication for your application.
Here you need to configure the permissions below, be careful at these steps. Click on +add a permission in the right side window Request API permissions click on APIs my organization users search Power BI services and click on Power Bi service.
Configure API Permissions:
Once in the application's overview, click on "API permissions" in the left-hand menu.
Add Permissions:
Click on "+Add a permission" at the top of the API permissions pane.
Request API Permissions:
In the "Request API permissions" pane, click on "APIs my organization uses".
Search for Power BI Service:
In the search box, type "Power BI" and select "Power BI Service" from the results
Select Permissions:
Choose the Delegate permissions
Select and add the below permissions
Below are the API permissions which is required for the Power BI application. please all the below listed applications.
Once you select the listed API permissions, now you need to click on Grant admin consent.
At this stage, Implementation is done with required API permissions.
Now Click on Overview in the left side pane on top and copy the Application (client) ID.
Now login to the Power BI portal create a new workplace and share with MFA disable account.
Prerequisites
Admin access to the Power BI workspace.
Email addresses of the users you want to share the workspace with should also have A premium capacity licence required for users (same for those who have MFA disabled) who interact with power services.
Steps to Share a Power BI Workspace
Sign in to Power BI:
Go to Power BI. https://app.powerbi.com/
Sign in with your Power BI account.
Navigate to Workspaces:
In the left-hand navigation pane, select Workspaces.
Create a new workspace you want to share with the same user who has MFA disabled.
Access Workspace Settings:
Click on the workspace name to open it.
Select the Settings gear icon in the upper right corner or select Workspace settings from the More options (three dots) menu.
Add Members to the Workspace:
In the Settings pane, select the Members tab.
Click on Add members.
Enter the email addresses MFA disable email account to add as a role Admin
Click Add.
Verify the workspace click on workspace settings and verify licence info, there should be a diamond icon.
Verify License Info:
In the Settings pane, go to the Premium tab.
Look for the diamond icon next to the workspace name, which indicates that the workspace is using Premium capacity.
Additionally, you should see information about the Premium capacity assignment under this tab.
Now time to create a new power BI report in a newly created and shared workspace. Open the report and copy the URL from the browser tab.
Now login to the Qlmanager create a new template and open datafeeedmanager
Click on + new feed and select type Power BI in the dropdown
And put the required fields accordingly.
Enter Data Source Details:
In the data source connection window, enter the following details:
Type: Power BI
Name: Any name you prefer for the BI template.
Login: Use the email ID of the user with MFA disabled.
Password: Enter the password for the MFA-disabled user account.
Client ID: Use the Client ID from the Azure application you created.
Report URL: Enter the Report URL from the shared workspace.
Troubleshooting steps for Power BI connector.
When troubleshooting issues with a Power BI connector, follow these steps:
1. Verify Basic Information
Data Source Type: Ensure you have selected the correct data source type in Power BI.
Name, Login, Password: Double-check the credentials you are using. Make sure the MFA-disabled email ID and password are correct.
Client ID: Ensure the Client ID matches the one provided for your Azure application.
Report URL: Confirm that the Report URL is correct and accessible.
2. Check Network Connectivity
Ensure your internet connection is stable.
Verify that there are no firewall or proxy settings blocking Power BI from accessing the data source.
3. Validate Azure Application Configuration
Client ID : Confirm that the Client ID in your Azure application registration match what you have entered in Power BI.
API Permissions: Ensure the Azure application has the required API permissions to access the data.
4. Authentication Issues
Ensure that the user account is MFA-disabled if required.
Check if there are any account lockouts or password expiration issues.
5. Data Source Accessibility
Ensure that the data source is up and running.
Verify that the user account has the necessary permissions to access the data source.
