Skip to main content
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Regular Visitor

Power BI Embedded and Azure Active Directory Authentication

Power BI Embedded and Azure Active Directory Authentication – There is limted documentation available at this time and we know the service is still in preview, but we read that Power BI Embedded supports token level authentication and Azure Active Directory Authentication. Code examples are provided for token level authentication, but we have not seen any for Azure Active Directory Authentication.  Are there any examples available connecting to Power BI Embedded workspaces with Azure Active Directory Authentication.

Post Prodigy
Post Prodigy

I  am also trying to achive the similar scenerio!!

but I am not able to do so, How will I be able to achive this I am using the app owns data scnerio, but nowhere its written how and where I have to do this. Guidence is all we need.


The feature of passing AAD token to SQL Azure is currently not supported in "App owns data" scenario.

We are currently looking into this ask.


Consider using "User owns data" for this flow for now.




You are saying that I cant design an application that gives access to users by matching there credentials from a database and opening a particular report for them using AAD Authorization??

If Not Then are there any ways So that I can achive this scenerio?

In "App owns data" scenario, there is no way to pass user AAD token through PowerBI to SQL Azure.




So are there any other scnerios where this is possible?

In "User own data", users' AAD will be passed to SQL Azure, if his datasource is configured to do that.


Frequent Visitor

I'm facing similar problem, i have downloaded the sample Powerbi embedded App_own_data for the native app, it's working but i want user authentication to application from azure AD, I have also implemented "rls" but I have to pass username static in that can anybody please provide guidance.... 

New Member

I'm also trying to achieve a similar scenario.


  1. Create a direct query report in the Power BI portal pointing to a sql azure database
  2. Set the datasource of the report's dataset to a read only replica in Azure via the portal API
  3. Allow an Azure AD authenticated user to access the dataset with the previously set datasource

I did not find a way to make use of the on behalf of token in the connection string since it's not possible to pass the token in the connection string currently.


I would like to know if this is even possible and if not if there is any plan to allow for passing an authentication token in the actual connection string to sql server. I don't understand why this would never be possible given the fact that people already store sensitive credentials in the connection string the world over. Maybe this isn't the right forum for this question but a referral to the appropriate place to ask for this would also be useful.



Microsoft Employee
Microsoft Employee

Power BI Embedded leaves authentication and authorization up to the application that it is embedded into. You Can have your users sign into your app any way you want to (including AAD) and then your app can delegate permissions to Power BI using app tokens.

We need the credential of the current authenticated user to be able to flow through so it can be passed to the credentials for the dataset level access. e.g. connection to the azure sql database. ultimately the connection to the database needs to be under the context of the current logged in user. a fixed service account will not allow sql to know what user is requesting the data so we can only send the data relevant to that user. 

Not applicable

If you used the regular PBI and not the Embedded, then you could use the new Row Level Security feature, that is available in preview since a few weeks:


But I'm afraid you cannot use it with PBI Embedded.


Instead you could use predefined filters of your own for your embedded reports / tiles based on the user context. That's not super bullet-proof, but it does the job.

Not applicable

It sounds like a totally different scenario, and not really related to authentication. As far as I know user context is not available at all. Especially not in PBI Embedded, where the user is not impersonated, but a sinble application token is used. In the "conventional" version the logged in user can be used for row level security, when the datasource is an SSAS cube. But that's not applicabple here.


Folks, correct me if I'm wrong. But I thin you need a different approach here. Authentication tricks won't help you in this regard.

Helper I
Helper I

Try Option 7 on the sample to configure your AD account.

Helpful resources

Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

July 2024 Power BI Update

Power BI Monthly Update - July 2024

Check out the July 2024 Power BI update to learn about new features.

July Newsletter

Fabric Community Update - July 2024

Find out what's new and trending in the Fabric Community.