Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now

Reply
Cortana
Helper III
Helper III

Implementing Power BI Embedded with RLS for Intranet website

I need to build a Report Environment for an intranet website to embed Power BI reports for about 100++ users. I will implement Row-Level Security (RLS) so each user only sees their data, but I don't want to create individual Microsoft accounts for everyone. Users will authenticate through the intranet, like user will sign in to the website using his/her credentials and that credential should should match with RLS so he/she can see the report they are expecting to see.
I'm thinking of getting the Power BI Embedded license for report sharing. But I'm unsure about how I can execute the development portion.
Any advice on best practices for RLS implementation in this scenario, especially regarding the development part, properly embedding the report? Also, any tips on minimizing costs while leveraging existing Power BI Premium Per User (PPU) licenses would be greatly appreciated! Open to collaboration and any insights from similar projects.
Thanks!

4 REPLIES 4
SaiTejaTalasila
Super User
Super User

Hi @Cortana ,

 

Please refer this -

https://learn.microsoft.com/en-us/power-bi/developer/embedded/cloud-rls

https://skypoint.ai/blog/row-level-security-with-power-bi-embedded-using-mvc/

 

If you want to save some money then you can check with your power bi tenant admin or your IT department if any one owns premium capacity in your tenant.You can contact them if they are not fully using their premium capacity then there are chances they will allow you to move your workspace to their capacity and they will cross charge some amount based on users or utilisation.

 

I hope it will be helpful.

 

Thanks,

Sai Teja 

rajendraongole1
Super User
Super User

Hi @Cortana - Since you're looking to support around 100+ users and don’t want to assign each one a Power BI license, a Power BI Embedded (EM or A SKU) would be the right choice. Power BI Embedded allows you to embed reports in web applications for users who don’t have Power BI accounts.

  • With an A SKU license (pay-as-you-go), you can scale the capacity up or down as per demand, which is useful if you expect varying usage levels.
  • Alternatively, a Power BI Premium Per User (PPU) license could be used in combination with RLS if you have a small set of users needing premium features, though it would require each user to have a PPU licens
  • Using Power BI Embedded with A SKU or EM SKU allows you to leverage RLS without needing individual licenses for each user. Integrate with Azure AD for authentication and use the Power BI JavaScript API for embedding reports into your intranet. Leveraging Premium Per User for essential users and developers can also help control costs.

By following these steps, you can build a secure and scalable reporting environment with Power BI, optimized for an intranet setup without needing Microsoft accounts for all users. Let me know if you’d like more details on any specific part!

 

reference links:

Security in Power BI embedded analytics - Power BI | Microsoft Learn

Use row-level security with token based identities - Power BI | Microsoft Learn

Managing authentication and authorization for Power BI Embedded | Microsoft Learn

 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!





Thank you.
I was actually looking an insight on this question, "how to especifically link my intranet authentication system with RLS within Power BI?"

Hi @Cortana -In Power BI Desktop, create roles for your dataset based on user-specific filters, such as UserID or Department.
For example, if each user should only see data associated with their UserID, define an RLS role that filters records based on the logged-in user's identifier.
Use the [UserPrincipalName()] DAX function to dynamically filter data based on the current user's identity.
2. Publish and Configure RLS in Power BI Service
Publish your report with RLS roles to the Power BI Service.
In the Power BI Service, verify that RLS roles are correctly applied and working as expected.
Test RLS by assigning a sample user and ensuring that only the intended data is visible for that user.

3. Since you’re using an intranet authentication system, the typical approach involves implementing a Secure Embed method using app tokens.

After users authenticate on the intranet, generate a Power BI Embed Token. This token should include the RLS role and user-specific information to restrict data access accordingly.

Azure AD B2C or another identity provider can help facilitate this if you're using OpenID Connect or OAuth2 for your intranet login. You would use Azure AD to authenticate the intranet user, then pass this authentication context when generating the Power BI embed token.

Please check below link for more details of embed

Security in Power BI embedded analytics - Power BI | Microsoft Learn

 

 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!





Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Live Sessions with Fabric DB

Be one of the first to start using Fabric Databases

Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.

Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.

Nov PBI Update Carousel

Power BI Monthly Update - November 2024

Check out the November 2024 Power BI update to learn about new features.