Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
boble
New Member

Managed indentity and Power BI

‎03-07-2024 05:12 AM

Hello,

 

We aim to ensure our reports are not user-dependent. That's why we're interested in using a managed identity to manage the connections to our data sources. However, we're struggling to find information on this topic. Is this a common challenge?

Labels:
Message 1 of 6
3,243 Views
0
1 ACCEPTED SOLUTION
tackytechtom
Super User
Super User
In response to boble

‎03-08-2024 12:13 AM

Hi @boble ,

 

The idea is to refresh the token right before a semantic model refresh is triggered from the refreshes REST API.  It's almost like a Just-In-Time access control approach: Anytime you want to fetch data from your sources, grab an access token from Entra ID (former Azure Active Directory) and use it for authentication. Then trigger a semantic model refresh via the REST API to get the data into Power BI. If you are already using the refreshes API to trigger a refresh (from a Data Factory, PowerShell, Python Script etc.) you would just need to add that part of fetching a token and updating the semantic model credentials before.

 

/Tom
https://www.tackytech.blog/
https://www.instagram.com/tackytechtom/



Did I answer your question➡️ Please, mark my post as a solution ✔️

Also happily accepting Kudos 🙂

Feel free to connect with me on LinkedIn! linkedIn

#proudtobeasuperuser 

View solution in original post

Message 4 of 6
3,198 Views
0
5 REPLIES 5
tackytechtom
Super User
Super User

‎03-07-2024 06:59 AM

Hi @boble ,

 

I interpret your query that you want to use Power BI's "managed identity" to login to your data sources in order to fetch the data from there. However, Power BI does not have its own managed identity. You could use Service Principals instead, though. For this, the Service Principal needs to take over / own the semantic model. Here a blog about this topic. It utilises an Azure DevOps Pipeline to do the job as part of an CICD process for an Azure SQL Database. But in the end it is just a PowerShell script that you can also run from other clients. 

 

Let me know, if this helps 🙂

 

/Tom
https://www.tackytech.blog/
https://www.instagram.com/tackytechtom/



Did I answer your question➡️ Please, mark my post as a solution ✔️

Also happily accepting Kudos 🙂

Feel free to connect with me on LinkedIn! linkedIn

#proudtobeasuperuser 

Message 2 of 6
3,222 Views
TU186002
New Member
In response to tackytechtom

‎09-24-2024 07:51 AM

Tom,

I'd be interested in reading more about your solution on your blog (great blog by the way).  Which one is it?  I thought it might be https://www.tackytech.blog/how-to-refresh-power-bi-datasets-from-data-factory-with-managed-identity/

but I wasn't sure.

 

Thanks

 

Tim

Message 5 of 6
1,506 Views
0
tackytechtom
Super User
Super User
In response to TU186002

‎09-24-2024 10:13 AM

Hi @TU186002 ,

 

It depends a little on what you wanna be doing. The article you are referring to uses Data Factory's Managed Identity to refresh a semantic model in Power BI. 

 

The query in this thread here, however, was about using some kind of Managed Identity that authenticates from Power BI into data sources. Since Power BI does not have a Managed Identity, you need to use Service Principals. For this, you can programmatically assign a Service Principal to take over the semantic model and then use its credentials for authentication (e.g. via an access token). 

I have seen in Fabric, that you can directly add a Service Principal and its secret without taking over the semantic model. I am not sure, whether this works out-of-the-box in Power BI already.

 

Here, the article that shows how to set a service principal as a semantic model owner:
https://www.tackytech.blog/how-to-make-a-service-principal-the-owner-of-a-power-bi-dataset/

 

Hope this helps! 

 

/Tom
https://www.tackytech.blog/
https://www.instagram.com/tackytechtom/



Did I answer your question➡️ Please, mark my post as a solution ✔️

Also happily accepting Kudos 🙂

Feel free to connect with me on LinkedIn! linkedIn

#proudtobeasuperuser 

Message 6 of 6
1,499 Views
0
boble
New Member
In response to tackytechtom

‎03-08-2024 12:01 AM

Hi,

 

Thank you for the link. It was very informative. I see at the end of the article that there is an issue with the token expiration. How did you solve this?

Message 3 of 6
3,202 Views
0
tackytechtom
Super User
Super User
In response to boble

‎03-08-2024 12:13 AM

Hi @boble ,

 

The idea is to refresh the token right before a semantic model refresh is triggered from the refreshes REST API.  It's almost like a Just-In-Time access control approach: Anytime you want to fetch data from your sources, grab an access token from Entra ID (former Azure Active Directory) and use it for authentication. Then trigger a semantic model refresh via the REST API to get the data into Power BI. If you are already using the refreshes API to trigger a refresh (from a Data Factory, PowerShell, Python Script etc.) you would just need to add that part of fetching a token and updating the semantic model credentials before.

 

/Tom
https://www.tackytech.blog/
https://www.instagram.com/tackytechtom/



Did I answer your question➡️ Please, mark my post as a solution ✔️

Also happily accepting Kudos 🙂

Feel free to connect with me on LinkedIn! linkedIn

#proudtobeasuperuser 

Message 4 of 6
3,199 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All