# Power BI

{% hint style="info" %}

#### IP Whitelisting

If you need a VPN to connect to Power BI, make sure to whitelist the Paradime IP depending on your Paradime organization region. See more [here](https://docs.paradime.io/app-help/developers/ip-restrictions).
{% endhint %}

## Create an Azure Active Directory application <a href="#create-an-azure-active-directory-application-0-0" id="create-an-azure-active-directory-application-0-0"></a>

{% hint style="warning" %}
To create the Azure AD application and group you will need an **Azure AD administrator**
{% endhint %}

First you will need to create Azure Active Directory (AD) application.

Log into the [Azure portal](https://portal.azure.com/#home) and select Azure Active Directory page, choose the relevant directory where you want to register the new application.

1. On the left panel under **Manage**, select **App registrations**
2. On the top of your screen click on the **+ New registration** button
3. Register your new application:
   * Enter a name for the integration like `ParadimePowerBIIntegration`
   * In the Supported account types section, select `Accounts in this organizational directory only (<your-org-name> only - Single tenant)`
4. Then click on the **Register** button on the bottom-left corner of the screen

{% @arcade/embed flowId="lDVZncsKpdDK4zag745y" url="<https://app.arcade.software/share/lDVZncsKpdDK4zag745y>" %}

### Grant the required permissions <a href="#add-permissions-0-1" id="add-permissions-0-1"></a>

Next step is to add all the required permission can make the necessary API calls to extract metadata from your Power BI instance

1. On the left panel under **Manage section**, select **API permissions**
2. In the Configured permissions click on the **Add a permission** button.
3. Select from the list **Power BI Service**
4. Then click on **Delegated permissions** and grant the permissions below:

<table><thead><tr><th>API Name</th><th width="164.33333333333331">Type</th><th>Permission</th></tr></thead><tbody><tr><td>Power BI Service</td><td>Delegated</td><td><code>App.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Capacity.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Dashboard.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Dataflow.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Dataset.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Dataset.ReadWrite.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Gateway.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Pipeline.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Report.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>StorageAccount.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Tenant.Read.All</code></td></tr><tr><td>Power BI Service</td><td>Delegated</td><td><code>Workspace.Read.All</code></td></tr></tbody></table>

5. When done, on the the bottom of the page, click the **Add permission** button.

{% @arcade/embed flowId="tbKP0SDROE4V19ZT3jQa" url="<https://app.arcade.software/share/tbKP0SDROE4V19ZT3jQa>" %}

### Create a security group

Now let's create a security group that will be used later in PowerBI to grant Viewer access to your Power BI workspaces.

1. On the left panel under **Manage**, select **Groups**
2. On the top of your page click on the **New group** button to create our new Paradime group
3. Complete the new group configuration:
   * Set the group type to **Security**
   * Enter a Group name like `ParadimePowerBIGroup` and (optionally) a description
   * In the **Members** section click on the **No members selected** link.
4. Now search for for the Application registered earlier (`ParadimePowerBIIntegration)`to add it as a member and click on the **Select** button.
5. To complete creating this new group, click on the **Create** button on the bottom-left of the screen

{% @arcade/embed flowId="3e0b8JnRcOjjFDvQc3uK" url="<https://app.arcade.software/share/3e0b8JnRcOjjFDvQc3uK>" %}

## Get ClientID, Client Secret and primary domain <a href="#get-clientid-client-secret-and-primary-domain" id="get-clientid-client-secret-and-primary-domain"></a>

To connect the Power BI integration you will need from the Azure AD application we just created:

* Directory (Tenant) *ID*
* Application (Client) ID
* Client Secret

#### Get the tenant and client IDs

To get the Tenant ID and Client ID, in your app registration you can find this in the **Overview** section under **Essentials.**

#### Create a Client Secret <a href="#create-a-client-secret-0-2" id="create-a-client-secret-0-2"></a>

To create a new Client Secret in you App registration screen:

1. Click on **Certificates & secrets** under **Manage**
2. Click the **New client secret** button udder the Client secrets section
   * Enter a description for your Client Secret
   * Set the expiration, we recommend 24months
3. When done, click the **Add** button.
4. Now you can find the Client Secret under the value column, click the copy icon to get the secret value.

{% @arcade/embed flowId="P7uMWe9lfRybmNbQJYqH" url="<https://app.arcade.software/share/P7uMWe9lfRybmNbQJYqH>" %}

## Power BI extra admin API settings

{% hint style="warning" %}
You will need Power BI admin access to enable these settings. **Make sure to enable these permission for the integration to work.**
{% endhint %}

{% @arcade/embed flowId="Ox9vBiaPyAKKCqQu5gBa" url="<https://app.arcade.software/share/Ox9vBiaPyAKKCqQu5gBa>" %}

In order to enable the Microsoft Power BI admin API, login and navigate to the Admin portal <https://app.powerbi.com/admin-portal> and click on **Tenant settings**.

1. Scroll to the `Developer settings` section and expand **Allow service principals to use Power BI APIs**
   * `Enable` this setting using the toggle
   * Select `Specific security groups` (recommended) and enter the security group *`ParadimePowerBIGroup`* created [here](#create-a-security-group).
   * When done click on the **Apply** button
2. Scroll to the `Admin API settings` section and expand **Allow service principals to use read-only Power BI admin APIs**
   * `Enable` this setting using the toggle
   * Select `Specific security groups` (recommended) and enter the security group *`ParadimePowerBIGroup`* created [here](#create-a-security-group) .
   * When done click on the **Apply** button
3. Scroll to the `Admin API settings` section and expand **Enhance admin APIs responses with detailed metadata**
   * `Enable` this setting using the toggle
   * Select `Specific security groups` (recommended) and enter the security group *`ParadimePowerBIGroup`* created [here](#create-a-security-group) .
   * When done click on the **Apply** button
4. Scroll to the `Admin API settings` section and expand **Enhance admin APIs responses with DAX and mashup expressions**
   * `Enable` this setting using the toggle
   * Select `Specific security groups` (recommended) and enter the security group *`ParadimePowerBIGroup`* created [here](#create-a-security-group) .
   * When done click on the **Apply** button

## Add service principal as a workspace contributor <a href="#add-service-principal-as-a-workspace-viewer-0-6" id="add-service-principal-as-a-workspace-viewer-0-6"></a>

{% hint style="warning" %}
You will need Power BI admin access to add the service principal to the workspaces. **You will need to repeat the below steps for each workspace.**
{% endhint %}

Finally you will need to add the service principal to each workspace you want to enable Paradime to extract metadata. Login to Power BI and go to the [homepage](https://app.powerbi.com/home).

1. In the left menu, open **Workspaces** to view all available workspaces
2. Hover on the workspace name and click on the `more option` button and select **Workspace access**. You can also access this from the selected workspace **Manage access**
3. In the right-panel, click on `Add people or groups`, add the security group *`ParadimePowerBIGroup`* created [here](#create-a-security-group) in the text box
4. Using the dropdown, set the access to **`Contributor`** and click on the **Add** button

{% @arcade/embed flowId="cJyNHM8ahM7eEahnUSf7" url="<https://app.arcade.software/share/cJyNHM8ahM7eEahnUSf7>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.paradime.io/app-help/documentation/integrations/dashboards/power-bi.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.