Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
Gautam_Sharma
Frequent Visitor

Access PowerBI Report - when users having multiple Microsoft account from different Org

‎06-03-2024 12:43 AM

Hi Team,

We have published several PowerBI reports accessible to all authenticated users within our web application via an iframe, with a total user base of over 60,000. Everything works well because we have SSO configured with the same Identity Provider (IDP).

However, we encounter issues when users are already logged in with a different Microsoft account, leading to an error message stating "report not found." While this is technically expected, it is not ideal from a user perspective. We want to understand if we can embed the client or tenant ID in the report URL to ensure it always checks for the session of a specific tenant or Microsoft account, avoiding these issues for users.


We have a couple of options but bot feasible at this point of time for us so looking for alternatives.

1. Training the user base, which is challenging given the current circumstances.

2. Embedding the report using Javascript

   2.1 Register the application in Azure AD.
   2.2 Configure API permissions.
   2.3 Create a client secret.
   2.4 Implement server-side authentication and token generation.
   2.5 Embed the report client-side.
   The problem with this approach is that the access token would be accessible at the UI layer,which we are not comfortable sharing.

Please suggest if there is a way to enforce the PowerBI report URL to use a specific tenant or account.

Message 1 of 5
605 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable
In response to Gautam_Sharma

‎06-05-2024 07:10 PM

Hi @Gautam_Sharma ,

You must grant the service principal ReadOverrideEffectiveIdentity permission. Otherwise, the service principal can’t delegate the user identity to the gateway.

The following link will help you:

Power BI Embedded, Service Principals, and SSAS – Prologika

Best Regards,

Xianda Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 4 of 5
474 Views
4 REPLIES 4
Gautam_Sharma
Frequent Visitor

‎06-05-2024 12:25 PM

Thanks @Anonymous  for response. I followed the suggested appraoch however I am getting below error message could you please suggest what I am missing at my end.Appreciate your support.

Error: 400 Bad Request: "{"error":{"code":"InvalidRequest","message":"Creating embed token for accessing dataset XXXXX-XXX-XXX-XXX-XXXXXXXX requires effective identity to be provided"}}" Request Id: <Request-ID>


Message 3 of 5
497 Views
0
Anonymous
Not applicable
In response to Gautam_Sharma

‎06-05-2024 07:10 PM

Hi @Gautam_Sharma ,

You must grant the service principal ReadOverrideEffectiveIdentity permission. Otherwise, the service principal can’t delegate the user identity to the gateway.

The following link will help you:

Power BI Embedded, Service Principals, and SSAS – Prologika

Best Regards,

Xianda Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 4 of 5
475 Views
Gautam_Sharma
Frequent Visitor
In response to Anonymous

‎06-06-2024 06:03 AM

Thanks for pointing me in right direction.I am able to proceed now however I am facing below issue.

Is there anything I am missing at my end ? Kindly suggest

Gautam_Sharma_0-1717678964002.png

 

Message 5 of 5
454 Views
0
Anonymous
Not applicable

‎06-03-2024 11:20 PM

Hi @Gautam_Sharma ,

I recommend considering the "embed for customers" scenario and for service principal authentication. This method allows you to embed Power BI content for users without requiring them to have a Power BI account or sign in to a Microsoft account.

The whole step is pretty much the same as you said.

Use the service principal to get an access token from Azure AD. This token is then used to authenticate API requests to Power BI in order to embed the report. This process ensures that the access token isn't exposed at the UI layer.

Below is the official link will help you:
Embed Power BI content in an embedded analytics application with service principal and an applicatio...

Best Regards,

Xianda Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 5
540 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All