Authentication (deprecated)

You have to be authenticated to access Power BI metadata. Your authentication method determines how you retrieve the metadata.The Power BI harvester supports two types of authentication:

  • Username and password
  • Service principal authentication

The metadata harvesting process is different for each authentication method. As a result, different configurations in Microsoft Azure and Power BI are required.

Note We recommend that you use the service principal authentication.

Username and password

The username and password authentication method relies on the username, in the form of an email address, and a password you provide to access the Power BI metadata.

To use the username and password authentication, you need to be an Azure Active Directory user with a Power BI admin role in Power BI and have a Contributor role in the Power BI workspaces that you want to ingest into Data Catalog.

When you become an Azure Active Directory user, a new email address is created. You use this email address to sign in to Power BI.

The email address that is created in Microsoft Azure is the username that you use to sign in to Power BI. You can store the username and password you use to sign in to Power BI in the Power BI configuration file.

In the Power BI Tenant settings in Power BI, you have to enable the Allow XMLA endpoints and Analyze in Excel with on-premises datasets. This setting has to be applied to the entire organization (default) or to the specific security group to which your workspaces belong.

Note Only Azure Administrators can create users and require them to authenticate via username and password. The Azure Administrator also assigns the user the Power BI admin role. This user is only created for the purpose of Power BI integration in Collibra Data Intelligence Cloud. The user in Azure should have a Member user type.

Service principal

The Service Principal authentication method lets an Azure Active Directory automatically access Power BI.

The Service Principal authentication relies on the Power BI Tenant ID and the Azure Active Directory application ID that you provide in the configuration file. The password you need to access Power BI is the client secret key of the Azure Active Directory application.

To use the Service principal authentication, you need to embed Power BI content with a Service Principal and an application secret. This means that you do the following:

  • Create an Azure AD security group.
  • Add the security group in the Power BI Tenant settings in Power BI.
  • In the Power BI Admin portal, you also do the following :
    • Enable the Allow service principals to use read-only Power BI admin APIs (preview) option.
    • Enable the Allow service principal to use Power BI APIs option in the Developer settings.
    • Apply the option to specific security groups.
    • Enter the name of the security group to which you want to add the service principal.
    • Enable the Allow XMLA endpoints and Analyze in Excel with on-premises datasets. This setting has to be applied to the entire organization (default) or to the specific security group to which your workspaces belong.
    Note You need Power BI administrator rights to access the Power BI Admin portal.
  • Assign the Contributor role to the security group in the Power BI workspaces you want to ingest.
Tip Do not confuse the Allow service principals to use read-only Power BI admin APIs (preview) option with the Allow service principal to use Power BI APIs option. You need to enable both options.