Get Started

Power BI (Beta)

IP Whitelisting

If you need a VPN to connect to Power BI, make sure to whitelist the Paradime IP depending on your Paradime organization region. See more here.

Create an Azure Active Directory application

To create the Azure AD application and group you will need an Azure AD administrator

First you will need to create Azure Active Directory (AD) application.

Log into the Azure portal and select Azure Active Directory page, choose the relevant directory where you want to register the new application.

  1. On the left panel under Manage, select App registrations

  2. On the top of your screen click on the + New registration button

  3. Register your new application:

    • Enter a name for the integration like ParadimePowerBIIntegration

    • In the Supported account types section, select Accounts in this organizational directory only (<your-org-name> only - Single tenant)

  4. Then click on the Register button on the bottom-left corner of the screen

Grant the required permissions

Next step is to add all the required permission can make the necessary API calls to extract metadata from your Power BI instance

  1. On the left panel under Manage section, select API permissions

  2. In the Configured permissions click on the Add a permission button.

  3. Select from the list Power BI Service

  4. Then click on Delegated permissions and grant the permissions below:

API NameTypePermission

Power BI Service

Delegated

App.Read.All

Power BI Service

Delegated

Capacity.Read.All

Power BI Service

Delegated

Dashboard.Read.All

Power BI Service

Delegated

Dataflow.Read.All

Power BI Service

Delegated

Dataset.Read.All

Power BI Service

Delegated

Gateway.Read.All

Power BI Service

Delegated

Pipeline.Read.All

Power BI Service

Delegated

Report.Read.All

Power BI Service

Delegated

StorageAccount.Read.All

Power BI Service

Delegated

Tenant.Read.All

Power BI Service

Delegated

Workspace.Read.All

  1. When done, on the the bottom of the page, click the Add permission button.

Create a security group

Now let's create a security group that will be used later in PowerBI to grant Viewer access to your Power BI workspaces.

  1. On the left panel under Manage, select Groups

  2. On the top of your page click on the New group button to create our new Paradime group

  3. Complete the new group configuration:

    • Set the group type to Security

    • Enter a Group name like ParadimePowerBIGroup and (optionally) a description

    • In the Members section click on the No members selected link.

  4. Now search for for the Application registered earlier (ParadimePowerBIIntegration)to add it as a member and click on the Select button.

  5. To complete creating this new group, click on the Create button on the bottom-left of the screen

Get ClientID, Client Secret and primary domain

To connect the Power BI integration you will need from the Azure AD application we just created:

  • Directory (Tenant) ID

  • Application (Client) ID

  • Client Secret

Get the tenant and client IDs

To get the Tenant ID and Client ID, in your app registration you can find this in the Overview section under Essentials.

Create a Client Secret

To create a new Client Secret in you App registration screen:

  1. Click on Certificates & secrets under Manage

  2. Click the New client secret button udder the Client secrets section

    • Enter a description for your Client Secret

    • Set the expiration, we recommend 24months

  3. When done, click the Add button.

  4. Now you can find the Client Secret under the value column, click the copy icon to get the secret value.

Power BI extra admin API settings

You will need Power BI admin access to enable these settings. Make sure to enable these permission for the integration to work.

In order to enable the Microsoft Power BI admin API, login and navigate to the Admin portal https://app.powerbi.com/admin-portal and click on Tenant settings.

  1. Scroll to the Developer settings section and expand Allow service principals to use Power BI APIs

    • Enable this setting using the toggle

    • Select Specific security groups (recommended) and enter the security group ParadimePowerBIGroup created here.

    • When done click on the Apply button

  2. Scroll to the Admin API settings section and expand Allow service principals to use read-only Power BI admin APIs

    • Enable this setting using the toggle

    • Select Specific security groups (recommended) and enter the security group ParadimePowerBIGroup created here .

    • When done click on the Apply button

  3. Scroll to the Admin API settings section and expand Enhance admin APIs responses with detailed metadata

    • Enable this setting using the toggle

    • Select Specific security groups (recommended) and enter the security group ParadimePowerBIGroup created here .

    • When done click on the Apply button

  4. Scroll to the Admin API settings section and expand Enhance admin APIs responses with DAX and mashup expressions

    • Enable this setting using the toggle

    • Select Specific security groups (recommended) and enter the security group ParadimePowerBIGroup created here .

    • When done click on the Apply button

Add service principal as a workspace viewer

You will need Power BI admin access to add the service principal to the workspaces. You will need to repeat the below steps for each workspace.

Finally you will need to add the service principal to each workspace you want to enable Paradime to extract metadata. Login to Power BI and go to the homepage.

  1. In the left menu, open Workspaces to view all available workspaces

  2. Hover on the workspace name and click on the more option button and select Workspace access. You can also access this from the selected workspace Manage access

  3. In the right-panel, click on Add people or groups, add the security group ParadimePowerBIGroup created here in the text box

  4. Using the dropdown, set the access to Viewer and click on the Add button

PreviousLookerNextPrettier

Last updated