Power BI
Last updated
Was this helpful?
Last updated
Was this helpful?
If you need a VPN to connect to Power BI, make sure to whitelist the Paradime IP depending on your Paradime organization region. See more .
To create the Azure AD application and group you will need an Azure AD administrator
First you will need to create Azure Active Directory (AD) application.
Log into the and select Azure Active Directory page, choose the relevant directory where you want to register the new application.
On the left panel under Manage, select App registrations
On the top of your screen click on the + New registration button
Register your new application:
Enter a name for the integration like ParadimePowerBIIntegration
In the Supported account types section, select Accounts in this organizational directory only (<your-org-name> only - Single tenant)
Then click on the Register button on the bottom-left corner of the screen
Next step is to add all the required permission can make the necessary API calls to extract metadata from your Power BI instance
On the left panel under Manage section, select API permissions
In the Configured permissions click on the Add a permission button.
Select from the list Power BI Service
Then click on Delegated permissions and grant the permissions below:
Power BI Service
Delegated
App.Read.All
Power BI Service
Delegated
Capacity.Read.All
Power BI Service
Delegated
Dashboard.Read.All
Power BI Service
Delegated
Dataflow.Read.All
Power BI Service
Delegated
Dataset.Read.All
Power BI Service
Delegated
Dataset.ReadWrite.All
Power BI Service
Delegated
Gateway.Read.All
Power BI Service
Delegated
Pipeline.Read.All
Power BI Service
Delegated
Report.Read.All
Power BI Service
Delegated
StorageAccount.Read.All
Power BI Service
Delegated
Tenant.Read.All
Power BI Service
Delegated
Workspace.Read.All
When done, on the the bottom of the page, click the Add permission button.
Now let's create a security group that will be used later in PowerBI to grant Viewer access to your Power BI workspaces.
On the left panel under Manage, select Groups
On the top of your page click on the New group button to create our new Paradime group
Complete the new group configuration:
Set the group type to Security
Enter a Group name like ParadimePowerBIGroup and (optionally) a description
In the Members section click on the No members selected link.
Now search for for the Application registered earlier (ParadimePowerBIIntegration)to add it as a member and click on the Select button.
To complete creating this new group, click on the Create button on the bottom-left of the screen
To connect the Power BI integration you will need from the Azure AD application we just created:
Directory (Tenant) ID
Application (Client) ID
Client Secret
To get the Tenant ID and Client ID, in your app registration you can find this in the Overview section under Essentials.
To create a new Client Secret in you App registration screen:
Click on Certificates & secrets under Manage
Click the New client secret button udder the Client secrets section
Enter a description for your Client Secret
Set the expiration, we recommend 24months
When done, click the Add button.
Now you can find the Client Secret under the value column, click the copy icon to get the secret value.
You will need Power BI admin access to enable these settings. Make sure to enable these permission for the integration to work.
Scroll to the Developer settings section and expand Allow service principals to use Power BI APIs
Enable this setting using the toggle
When done click on the Apply button
Scroll to the Admin API settings section and expand Allow service principals to use read-only Power BI admin APIs
Enable this setting using the toggle
When done click on the Apply button
Scroll to the Admin API settings section and expand Enhance admin APIs responses with detailed metadata
Enable this setting using the toggle
When done click on the Apply button
Scroll to the Admin API settings section and expand Enhance admin APIs responses with DAX and mashup expressions
Enable this setting using the toggle
When done click on the Apply button
You will need Power BI admin access to add the service principal to the workspaces. You will need to repeat the below steps for each workspace.
In the left menu, open Workspaces to view all available workspaces
Hover on the workspace name and click on the more option button and select Workspace access. You can also access this from the selected workspace Manage access
Using the dropdown, set the access to Viewer and click on the Add button
In order to enable the Microsoft Power BI admin API, login and navigate to the Admin portal and click on Tenant settings.
Select Specific security groups (recommended) and enter the security group ParadimePowerBIGroup created .
Select Specific security groups (recommended) and enter the security group ParadimePowerBIGroup created .
Select Specific security groups (recommended) and enter the security group ParadimePowerBIGroup created .
Select Specific security groups (recommended) and enter the security group ParadimePowerBIGroup created .
Finally you will need to add the service principal to each workspace you want to enable Paradime to extract metadata. Login to Power BI and go to the .
In the right-panel, click on Add people or groups, add the security group ParadimePowerBIGroup created in the text box