The ultimate Microsoft Fabric, Power BI, Azure AI, and SQL learning event: Join us in Stockholm, September 24-27, 2024.
Save €200 with code MSCUST on top of early bird pricing!
Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started
Hello,
I have multiple reports published to the PowerBI service using an Azure Data Lake instance as the data source. I have successfully setup scheduled refresh for these reports. However, every two weeks the OAuth credentials PowerBI uses to perform the refresh expire, and I must manually renew them. I believe the manual step is necessary because our organization has enabled multi-factor authentication for all active directory users.
What is the recommended approach to schedule refreshes without having to manually renew the authentication periodically? Do I need to have a special user setup without multi-factor? Is there a way to setup service-to-service authentication like with an Active Directory app service principal's secret or certificate instead of a user's credential?
Sorry for my misunderstanding. Your Power bi account has enabled multi-factor authentication. But this is not for the Azure account you perform the schedule refresh. Right?
By default, the Refresh Token Max Inactive Time is 14 days. See: Configurable token lifetimes in Azure Active Directory (Public Preview)
You can use Multi-Factor for your Azure account. Or configure your current Azure account with maximum 90 days Refresh Token.
Regards,
I had been using my personal/administrative Azure Active Directory account credentials for the Power BI scheduled refreshes. That account had multi-factor authentication. I was experiencing the credentials expiring with that account.
I am now trying to use the credentials of a different user with more specialized permissions and Multi-Factory Authentication disabled. I'm hoping that this user's credentials won't expire, but I'm unclear if it will or not based on your post.
Is the refresh token a side effect of multi-factor authentication or do all OAuth credentials have this restriction?
I thought I had read somewhere that multi-factor authentication is what triggers the expiry, but it sounds now like I was wrong. Your link indicates that 'Multi-Factor Refresh Token Max Age' can be 'Until-revoked', and that single-factor and multi-factor can both be configured with the same expiry times. So that would seem to imply that multi-factor doesn't actually affect the credential expiry.
The refresh happens daily, so why would 'inactive time' apply? Wouldn't it be reset each time the refresh happens?
As you stated and as the link also states, the maximum inactive time is 90 days. If the daily refreshes do not reset the inactive time then I guess I must manually refresh credentials at least every 90 days. That's better than two weeks, but I would like to avoid the manual refresh altogether if possible.
Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.
Check out the August 2024 Power BI update to learn about new features.
User | Count |
---|---|
53 | |
22 | |
11 | |
10 | |
9 |
User | Count |
---|---|
113 | |
32 | |
30 | |
19 | |
18 |