Summary

This article describes the configuration steps required in Azure AD and Power BI Service to allow Power BI access from InfoBurst. Please consult your Azure AD and Power BI administrators to determine the required authentication method and complete the steps described in this article.

Authentication Methods

There are three methods of Azure AD authentication. Consult your Azure AD administrator to determine which method is required in your Microsoft environment.

OAuth	Requires an application registered in Azure AD (with a secret and callback URI). Allows individual users to access Power BI using OAuth token-based authentication.
App + Secret	Requires an application registered in Azure AD and configured to use a secret value. Allows application-level access to Power BI Workspace(s).
App + Cert	Requires an application registered in Azure AD and configured to use a certificate and private key. Allows application-level access to Power BI Workspace(s).

OAuth

This authentication method requires a server callback from Microsoft. This callback requires InfoBurst to be SSL-enabled. Enable SSL before proceeding with below steps.

The App Secret has an expiry date designated by the Azure AD administrator. An expired Secret will prevent InfoBurst from authenticating to Azure AD. Plan to update the Secret in Azure AD and Power BI Platform accordingly.

Step 1 (InfoBurst): Obtain Callback URI	Select System > Configuration > Authentication Select OAuthCallbackURI Note value for use in Azure AD
Step 2 (Azure AD): Register App	Select App Registrations Select New registration Enter a Name Under Redirect URI select Web Enter Callback URI from Step 1 Select Register Note Application (client) ID and Directory (tenant) ID for use in InfoBurst Select Certificates & secrets Select New client secret Enter Description Select Expiry Select Add Note Value for use in InfoBurst
Step 3 (Azure AD): Grant API Permissions	Open App registrations Select the App created in Step 1 Select API Permissions Select Add a permission Select Power BI Service Select Delegated permissions Select the following permissions: Dataflow > Dataflow.ReadWrite.All Dataset > Dataset.ReadWrite.All Report > Report.ReadWrite.All Workspace > Workspace.ReadWrite.All Select Add Permissions
Step 4 (InfoBurst): Create Power BI Platform	Select System > Platforms > New Platform Select Type > Power BI Enter Name Under Azure AD Authentication > OAuth enter Application ID, Application Client Secret, and Directory (Tenant) ID Select Save Select Begin Authentication (new Microsoft authentication tab opens). This step adds Platform Credentials only for the InfoBurst administrator user. See User Access below for user Platform Credentials process. Select Accept Return to InfoBurst Select Close

User Access

Each InfoBurst intending to use the Power BI Platform must first add Platform Credentials:

Select the user profile (username top right)
Select Platform Credentials
Select +
Select the Power BI Platform
Select Begin Authentication (new Microsoft authentication tab opens)
Select Accept
Return to InfoBurst
Select Close

Token Maintenance

User authentication tokens issued by Microsoft can expire. Use the following process to renew an authentication token:

Select user profile
Select Platform Credentials
Select the Power BI Platform
Select Update Authentication to renew token

App + Secret

The Application Secret Value has an expiry date designated by the Azure AD administrator. An expired Application Secret Value will prevent InfoBurst from authenticating to Azure AD. Plan to update the Application Secret Value and Power BI Platform accordingly.

Step 1 (Azure AD): Register App	Select App Registrations Select New registration Enter a Name Select Register Note Application (client) ID and Directory (tenant) ID for use in InfoBurst Select Certificates & secrets Select New client secret Enter Description Select Expiry Select Add Note Value for use in InfoBurst
Step 2 (Azure AD): Grant API Permissions	Open App registrations Select the App created in Step 1 Select API Permissions Select Add a permission Select Power BI Service Select Delegated Permissions Select the following permissions: Dataset > Dataset.ReadWrite.All Report > Report.ReadWrite.All Workspace > Workspace.ReadWrite.All Select Add Permissions
Step 3 (Azure AD): Add Security Group	Select View under Manage Azure Active Directory Select Groups Select New Group Group type: Security Group name: Add name Group description: Add description Members: Add App as member Select Create
Step 4 (Power BI Service): Configure Developer Settings	Select the gear icon in the Power BI portal Select Admin portal Select Tenant settings > Developer settings Expand Embed content in apps Select Enabled Select Apply to > The entire organization Select Apply Expand Allow service principals to use Power BI APIs Select Enabled Select Apply to > Specific security groups Add Azure AD Security Group created in Step 3 Select Apply
Step 5 (Power BI Service): Configure Workspace Access	Select Workspaces then ellipsis for target Workspace Select Workspace Access Enter Security Group name from Step 3 Select Admin Select Add Select Close
Step 6 (InfoBurst): Create Power BI Platform	Select System > Platforms > New Platform Select Type > Power BI Enter Name Select Azure AD Authentication > App + Secret Enter Application ID, Directory (Tenant) ID, and Application Secret Value Select Save Select Test Logon

App + Cert

Microsoft requires for this authentication method an X.509 certificate (.cer):

https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

The corresponding Personal Information Exchange file (.pfx) and Private Key Password are required for the InfoBurst Power BI Platform described in Step 6 below.

The certificate has an expiry date designated by the certificate creator. An expired certificate will prevent InfoBurst from authenticating to Azure AD. Plan to update the certificate in Azure AD and Power BI Platform accordingly.

Step 1 (Azure AD): Register App	Select App Registrations Select New registration Enter a Name Select Register Note Application (client) ID and Directory (tenant) ID for use in InfoBurst Select Certificates & secrets Select Certificates Select Upload certificate Select Select a file to upload certificate Select Add
Step 2 (Azure AD): Grant API Permissions	Open App registrations Select the App created in Step 1 Select API Permissions Select Add a permission Select Power BI Service Select Delegated Permissions Select: Dataset.Read.All Dataset.ReadWrite.All Workspace.Read.All Workspace.ReadWrite.All Select Add Permissions
Step 3 (Azure AD): Add Security Group	Select View under Manage Azure Active Directory Select Groups Select New Group Group type: Security Group name: Add name Group description: Add description Members: Add App as member Select Create
Step 4 (Power BI Service): Configure Developer Settings	Select the gear icon in the Power BI portal Select Admin portal Select Tenant settings > Developer settings Expand Embed content in apps Select Enabled Select Apply to > The entire organization Select Apply Expand Allow service principals to use Power BI APIs Select Enabled Select Apply to > Specific security groups Add Azure AD Security Group created in Step 3 Select Apply
Step 5 (Power BI Service): Configure Workspace Access	Select Workspaces then ellipsis for target Workspace Select Workspace Access Enter Security Group name from Step 3 Select Admin Select Add Select Close
Step 6 (InfoBurst): Create Power BI Platform	Select System > Platforms > New Platform Select Type > Power BI Enter Name Select Azure AD Authentication > App + Cert Enter Application ID and Directory (Tenant) ID Select Save Select Choose File and select the .pfx file Enter the Private Key Password Select Upload Select Save Select Test Logon

InfoSol Help Desk

How can we help you today?

Power BI Access