As a BI Admin, use the following information to help you choose the correct authentication method for Power BI. You must authenticate to access your metadata. Collibra Data Lineage supports two authentication methods: Service principal, and username and password.
The method you choose determines how the Collibra Data Lineage retrieves the metadata. We recommend service principal authentication. This method enables detailed metadata scanning and improves security compared to using a username and password.
- You need access to the Power BI environment in which the data flow is stored.
- The semantic model in the data flow must exist in a premium workspace.
Service principal authentication allows Collibra Data Lineage to automatically access Power BI content and metadata via the Power BI REST APIs.
To use service principal authentication, a Power BI administrator must enable specific API settings in the Power BI Admin portal:
- Enable the Service principals can access read-only admin APIs option.
- Enable the Enhance admin APIs responses with detailed metadata option.
- Enable the Enhance admin APIs responses with DAX and mashup expressions option.
When creating a Power BI connection on Edge, select Service Principal as the authentication type, and enter your application ID and secret in the Application ID and Password/Secret key fields.
For detailed steps on getting these values, go to Enable service principal authentication for admin APIs and Add and manage application credentials in Microsoft Entra ID in the Microsoft documentation.
The username and password authentication method relies on the username (an email address) and a password you provide to access the Power BI metadata. To use the username and password authentication method, you need to be an Azure Active Directory user with a Power BI admin role in Power BI.
When you become an Azure Active Directory user, a new email address is created. This email address is the username you use to sign in to Power BI.
Only Azure Administrators can create users and require them to authenticate via username and password. The Azure Administrator also assigns the user the Power BI admin role. This user is only created for the purpose of Power BI integration in Collibra Platform. The user in Azure should have a Member user type.
Important The Power BI application in Microsoft Azure must be granted administrator rights, such as Office 365 Global Administrator or Power BI Service Administrator. Delegated permissions are supported.
Check whether you can use username and password authentication
You can use a cURL command to check whether you can use username and password authentication.
Run the following command, where the bolded text refers to your information:curl -v “https://login.microsoftonline.com/<your environment>.onmicrosoft.com/oauth2/v2.0/token” -F client_id=<your ID> -F “username=<your username>” -F “password=<your password>” -F “scope=https://analysis.windows.net/powerbi/api/.default” -F grant_type=password
To check on Windows, follow these steps:
- Download and install the cURL Command-Line Tool.
-
In Windows, click Start > Run, and then enter cmd in the Run dialog box.
- Run the following command, where the bolded text refers to your information:
“https://login.microsoftonline.com/<your environment>.onmicrosoft.com/oauth2/v2.0/token” -F client_id=<your ID> -F “username=<your username>” -F “password=<your password>” -F “scope=https://analysis.windows.net/powerbi/api/.default” -F grant_type=password