Step 1: Register Azure AD App
- Register a new Application in Azure AD which will act as an Identity for Organization Application.
- Generated a Client Secret, please note the Client secret can be seen only once the value should be stored securely using existing Organization Secret Management Process. The Client Secret can be setup to expire periodically, hence annual maintenance process to be setup to avoid service failures
- The below are the essential Identifications that will be used for authenticating Application to Azure AD
- Application (client) ID: d7XXXXXXXXXXXXXXXXXXXXXXXXXXXXXe3
- Directory (tenant) ID: faXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXaa
- Client Secret: Not specified
Step 2: Power BI Service Configuration
- Reports are published to specific Workspace in Power BI Service. Power BI Workspace is a container where team members can create reports, dashboards and collaborate with other team members. Organization can have multiple Workspaces, “Production” is a premium capacity Workspace where all the Real-Time Organization reports are published.
- For Embedding a report in Organization Application Power BI Workspace should grant Admin access to the Security Group or Service Principal. Unless this access is granted the application is not authorized to access the reports in specific Workspace.
Step 3: Request for Access Token Service
- Request for Token Service can be implemented as an internal API which provides Application with Access Token.
- The function that provides Access Token require successful authentication with Service Principle and Client Secret.
Step 4: Report & Data Set GUID’s
- Power BI API - “https://api.powerbi.com/v1.0/myorg/groups/${workspaceId}/reports” can be used along with the Access Token generated in the previous step as header of the request to get all the Reports and Dashboards available in the Workspace.
- Input:
- Workspace ID: unique GUID associated with each workspace, the value is constant can be retrieved one off
- Access Token: The access token generated using previous step sent in the Header
- Output:
- Report ID: GUID of each report in each workspace
- Report Name: The name of the report
- Dataset Id: GUID of the dataset associated with each report
Please note for Embedding Power BI reports require a GUID for Workspace, Report & Dataset, the above method will provide these details, it is up to the implementation team whether these values can be saved as static values in configuration file, or they wish to dynamically get these details for each request.
Step 5: Get Embedded Token
- Power BI API - “https://api.powerbi.com/v1.0/myorg/GenerateToken" can be used along with Access Token generated in step 3.
- Input:
- Access Token: The access token generated using previous step sent in the Header
- Report Id: GUID of the report in each workspace.
- Dataset Id: GUID of Dataset associated with a report.
- Username: For Role Level Security, the username that user logged into Web Application is passed in the request e.g., Name_1@company.com
- Roles: The Power BI RLS Roles that are defined inside Power BI Service, in our case it is “RLS”.
- Output:
- Embedded Token: This Token is used for Embedding the exact report from Power BI Service inside Application.
Conclusion:
This project addresses a complex challenge of creating numerous dashboards with Low Code for a customer without Power BI Pro licenses. By successfully delivering this solution, the organization can provide the customer with comprehensive data insights while minimizing the coding, licensing costs and enhancing data security.