Register Power BI in Microsoft Azure and set permissions (deprecated)

Before you set up the Power BI harvester, make sure that the harvester can reach Power BI by registering Power BI in Azure and setting the necessary permission to harvest the metadata.

We highly recommend that you read about supported authentication methods before you register Power BI in Microsoft Azure.

Warning This procedure is performed outside of Collibra. A third party may change the software without notification, which can render this documentation out of date. We highly recommend that you carefully read the source documentation.

Steps

Tip

The content in this topic differs according to the authentication method.

Username / password Service principal

Follow the instructions instructions in the Microsoft Azure documentation to register Power BI in the Azure Portal using the following settings:

Setting	Description
Name	The name of your Power BI application.
Supported account types	The type of tenant. This indicates who can access the Power BI application. In this case, the supported account type must be Single tenant.
Redirect URI	The location to which a user's client is redirected and where security tokens are sent after a successful authorization. In this case, the redirected URI must be Web, but you do not have to specify any web location.

Setting

Description

Name

The name of your Power BI application.

Supported account types

The type of tenant. This indicates who can access the Power BI application.

In this case, the supported account type must be Single tenant.

Redirect URI

The location to which a user's client is redirected and where security tokens are sent after a successful authorization.

In this case, the redirected URI must be Web, but you do not have to specify any web location.

When you have registered Power BI, the Azure portal creates two important IDs that you need in the Power BI configuration file:

The Application (client) ID
The Directory (tenant) ID

Note We highly recommend that you store these IDs for further use. You can find the IDs in the Overview pane on the Azure portal or in the top right menu.

Create a user with the Power BI Administrator role.
In the Azure portal, go to Authentication pane and do the following:
1. Go to the Advanced settings section.
2. Set the Treat application as a public client to Yes.
Go to the API permissions pane and do the following:
1. Select Delegated permissions as permission type.
2. Grant the Power BI application in Microsoft Azure the Microsoft Graph User.Read permission.
3. Grant the Power BI application in Microsoft Azure all Power BI Service permissions.
4. Set Admin consent required for Tenant.ReadAll permission to Yes.
The user now has the following permissions:
- Microsoft Graph
  - User.Read
- Power BI Service
  - App.Read.All
  - Capacity.Read.All
  - Dashboard.Read.All
  - Dataflow.Read.All
  - Group.Read.All
  - Report.Read.All
  - Tenant.Read.All, with Admin consent required set to Yes.
  - Workspace.Read.All
In the Power BI Admin portal, do the following :
1. Enable the Allow service principals to use read-only Power BI admin APIs (preview) option.
2. Enable the Allow service principal to use Power BI APIs option in the Developer settings.
3. Apply the option to specific security groups.
4. Enter the name of the security group to which you want to add the service principal.
5. Enable the Allow XMLA endpoints and Analyze in Excel with on-premises datasets.
6. Apply the integration setting to the entire organization (default) or to the specific security group to which your workspaces belong.
Note You need Power BI administrator rights to access the Power BI Admin portal.
In the Power BI Admin portal, do the following :
1. Enable the Allow XMLA endpoints and Analyze in Excel with on-premises datasets.
2. Apply the integration setting to the entire organization (default) or to the specific security group to which your workspaces belong.

What's next?

You can add your Power BI workspaces to a dedicated capacity.