Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
Anonymous
Not applicable

PBE with Service Principal: Creating embed token for accessing dataset requires effective identity

‎09-18-2021 06:52 AM

We created a PBIX using a live connection to a SSAS database running in an Azure virtual machine. We published the PBIX to a workspace in Power BI Service, where the dataset connects to the SSAS database through an on-premise data gateway on the Azure VM. Reports from the PBIX display correctly in the Power BI Service portal, so we know the data gateway is working.

 

We now want to embed the reports in the "for customers" (app owns the data) sample in .NET Framework that we downloaded from Github. If we configure the web.config to supply MasterUser credentials, then the sample works. But if we use ServicePrincipal credentials, it fails.

 

We set up an AAD application and configured web.config following the instructions here: Embed Power BI content in an embedded analytics application with service principal and an applicatio... The web.config file contains the correct values for authenticationType, applicationId, workspaceId, reportId, applicationSecret, and tenant. But when we run the sample we get this error message:

 

Status: BadRequest (400)
Response: {"error":{"code":"InvalidRequest","message":"Creating embed token for accessing dataset xxx-xxx-xxx-xxx-xxx requires effective identity to be provided"}}
RequestId: xxx-xxx-xxx-xxx-xxx

 

Does Power BI Embedded even support this scenario? That is, when using a service principal, does Power BI embedded work with a dataset that has a live connection to a SSAS database via an on-premise data gateway? If so, why are we not providing an "effective identity"?

 

@Xiaoxin Sheng

Labels:
Message 1 of 4
7,084 Views
0
1 ACCEPTED SOLUTION
V-lianl-msft
Community Support
Community Support

‎09-20-2021 07:35 PM

Power BI and SSAS both leverage AD so that means that any user you pass from Power BI to SSAS needs to be known in AD.You must grant the service principal ReadOverrideEffectiveIdentity permission. Otherwise, the service principal can’t delegate the user identity to the gateway.

Please refer to :

https://prologika.com/power-bi-embedded-service-principals-and-ssas/ 

View solution in original post

Message 3 of 4
6,989 Views
0
3 REPLIES 3
V-lianl-msft
Community Support
Community Support

‎09-20-2021 07:35 PM

Power BI and SSAS both leverage AD so that means that any user you pass from Power BI to SSAS needs to be known in AD.You must grant the service principal ReadOverrideEffectiveIdentity permission. Otherwise, the service principal can’t delegate the user identity to the gateway.

Please refer to :

https://prologika.com/power-bi-embedded-service-principals-and-ssas/ 

Message 3 of 4
6,990 Views
0
Anonymous
Not applicable
In response to V-lianl-msft

‎09-21-2021 07:23 AM

Thank you V-liani. The blog post you linked explains what to do. Please put this information in the Microsoft documentation! We shouldn't need to chase down blogs to find this out.

Message 4 of 4
6,962 Views
0
Anonymous
Not applicable

‎09-20-2021 07:15 AM

UPDATE: We were able to prove that our ServicePrincipal registration works with datasets that connect through the on-premise data gateway to a SQL Server database instead of to SSAS. 

 

So again our question for Microsoft is: does Power BI embedded support ServicePrincipal authentication for a report whose dataset uses a live connection to a SSAS database via an on-premise data gateway?

 

If so, what additional steps are needed to avoid the "effective identity" error?

 

If not, where is this limitation documented?

Message 2 of 4
7,014 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All