Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Don't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.

Reply
Anonymous
Not applicable

AD Security Group Not Found in Power BI: Embed Power BI

‎01-31-2024 12:18 PM

I'm currently facing difficulties in generating the embed token. My plan is to implement Row-Level Security (RLS) so that different users can only view their respective information on the Power BI dashboard that I am embedding.

I understand that the embed token is generated from the access token, and this access token is generated in different ways depending on how you want to authenticate. Following some topics in the Microsoft documentation, I adopted this model: https://learn.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal

I've already created the application in Azure and the client secret, thus obtaining the service principal. With this, I managed to generate the access token using the POST method on the API https://login.microsoftonline.com/{tenantID}/oauth2/token. I've also created a security group and added the application as a member.

However, when I attempt to enable the service principals to use Power BI APIs for the specific security group, I encounter the error 'You cannot use invalid or duplicate emails.' This occurs during the second step of stage 3, as outlined in the documentation mentioned in the link above.

I've tried using the security group's ID, the security group's name, the application's ID, and the application's name, but none of them can be located in the Power BI service administration.
I found a similar post here: https://community.fabric.microsoft.com/t5/Service/Adding-AD-security-groups-to-PowerBI-app-workspace..., but I would like more details on what might be missing from the AD side, as it mentions synchronization only.

Labels:
Message 1 of 5
915 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable
In response to v-jialongy-msft

‎03-01-2024 12:13 PM

Hello again! The solution is simpler than I thought. We have different directories on the Azure portal, and switching to the other one resolved the issue. It was necessary to recreate the application and security group because it's a different directory/subscription. See here: [https://learn.microsoft.com/en-us/azure/azure-portal/set-preferences]

View solution in original post

Message 5 of 5
793 Views
0
4 REPLIES 4
Anonymous
Not applicable

‎02-01-2024 05:16 AM

Hi @v-jialongy-msft 
Yes, the group is already a Security type; otherwise, I wouldn't be able to add the service principal to the group since it doesn't have an email address

lorenadnz_0-1706792808212.png

 

Message 3 of 5
865 Views
0
v-jialongy-msft
Community Support
Community Support
In response to Anonymous

‎02-12-2024 06:23 PM

Hi @Anonymous 

 

I followed your steps to create a security group.

vjialongymsft_0-1707790741913.png

 

 

I can implement the actions in the documentation

vjialongymsft_1-1707790914918.png

If you still can't achieve your goal, please provide us with detailed instructions so that I can help you better.

 

 

 

 

 

Best Regards,

Jayleny

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 4 of 5
837 Views
0
Anonymous
Not applicable
In response to v-jialongy-msft

‎03-01-2024 12:13 PM

Hello again! The solution is simpler than I thought. We have different directories on the Azure portal, and switching to the other one resolved the issue. It was necessary to recreate the application and security group because it's a different directory/subscription. See here: [https://learn.microsoft.com/en-us/azure/azure-portal/set-preferences]

Message 5 of 5
794 Views
0
v-jialongy-msft
Community Support
Community Support

‎01-31-2024 10:41 PM

Hi @Anonymous 

 

When you create a group, select Security Groups instead of Microsoft 365 Groups.

vjialongymsft_0-1706769639233.png

 

 

 

Best Regards,

Jayleny

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 5
871 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Prices go up Feb. 11th.

Feb2025 Sticker Challenge

Join our Community Sticker Challenge 2025

If you love stickers, then you will definitely want to check out our Community Sticker Challenge!

Jan25PBI_Carousel

Power BI Monthly Update - January 2025

Check out the January 2025 Power BI update to learn about new features in Reporting, Modeling, and Data Connectivity.

Jan NL Carousel

Fabric Community Update - January 2025

Find out what's new and trending in the Fabric community.

View All