Obtaining connection values for Microsoft Power BI
About this task
This topic provides instructions for obtaining the connection values for the Microsoft Power® BI connector.
To generate these values and connect to Microsoft Power BI, you need to register an application with the required permissions in Microsoft Azure, which will enable App Connect to integrate with Microsoft Power BI by using APIs and protocols.
To connect by using different authorization methods, you need to obtain client ID, client secret,
access token, refresh token, and tenant ID for your registered app, and then configure
permissions.
Note: These instructions assume that you are registering an application in Microsoft Azure for the first time.
Note: Choose the
applicable steps for the connection values based on the authorization method you
selected.
Procedure
- To register an application with Microsoft Azure, for
use with App Connect:
- Log in to the Microsoft Azure portal, and then locate and click App registrations.
- If you have access to more than one tenant, switch to the tenant where you want to register the app by using the Directories + subscriptions filter in the banner and then click the Close icon (X) to return to the previous page.
- In the
App registrations
page, click New registration. - In the
Register an application
page, specify a unique name for your app, select Accounts in any organizational directory (Any Azure AD directory - Multitenant) as the account type, and accept the default values for the remaining fields. - Click Register. The Overview page for the
application is displayed.
- Make a note of the Application (client) ID value because you need to specify it as a connection value when creating the account in App Connect.
- To generate a client secret for your registered application:
- Next to Client credentials on the Overview page,
click Add a certificate or secret. This displays the
Certificates & secrets
page. - Click New client secret
- In the
Add a client secret
panel, specify a description for the secret (for example, App Connect secret) and then select an expiry period. - Click Add. The generated client secret is displayed on the
Certificates & secrets
page. -
- Copy and store the client secret value because you need to specify it as a connection value when
creating the account in App Connect.Note: The client secret value won't be shown again in full after you leave this page.
- Next to Client credentials on the Overview page,
click Add a certificate or secret. This displays the
- Configure the permissions that App Connect needs.
- In the left pane, click API permissions and then click
Add a permission > Power BI
Service > Delegated permissions to add each of the
following permissions in turn. You can search for and select a permission, and then click
Add permissions.
Permissions Description App.Read.All
The app can view all Power BI apps you have access to. Capacity.Read.All
The app can view all Power BI Premium and Power BI Embedded capacities that you have access to. Capacity.ReadWrite.All
The app can view and edit all Power BI Premium and Power BI Embedded capacities that you have access to. Content.Create
App can automatically create content and datasets for you. Dataflow.Read.All
The app can view all dataflows that you have access to. Dataflow.ReadWrite.All
The app can view and edit all dataflows that you have access to. Dataset.Read.All
The app can view all your datasets and any datasets that you have access to. Dataset.ReadWrite.All
The app can view and write to all your datasets and any datasets that you have access to. Gateway.Read.All
The app can view all gateways that you are an admin of. Gateway.ReadWrite.All
The app can view and edit all gateways that you are an admin of. Report.Read.All
The app can view all your reports and reports that you have access to. The app can also see the data within the reports as well as its structure. Report.ReadWrite.All
The app can view and edit all your reports and any reports that you have access to. StorageAccount.Read.All
The app can view all storage accounts registered with Power BI that you are an admin of. StorageAccount.ReadWrite.All
The app can view and edit all storage accounts registered with Power BI that you are an admin of. Tenant.Read.All
The app can view all content in your tenant if the signed in user is in the Global administrator or Power BI service administrator role. Tenant.Read.All
The app can view all content in the tenant without a signed in user. Tenant.ReadWrite.All
The app can create, edit, view, and delete all content in your tenant if the signed in user is in the Global administrator or Power BI service administrator role. Tenant.ReadWrite.All
The app can create, edit, view, and delete all content in the tenant without a signed in user. UserState.ReadWrite.All
The app can view and edit your user settings and the user-specific state associated with content you have access to. Workspace.Read.All
The app can view all workspaces that you have access to. Workspace.ReadWrite.All
The app can view and edit all workspaces that you have access to. - If the status of any permission is shown as
Not granted for myDomain
, click Grant admin consent for myDomain, where myDomain is your domain name. Then click Yes to confirm. (This updates the status of all permissions toGranted for myDomain
.)
- In the left pane, click API permissions and then click
Add a permission > Power BI
Service > Delegated permissions to add each of the
following permissions in turn. You can search for and select a permission, and then click
Add permissions.
- To find the Tenant ID, go to the Microsoft Azure portal login page, then Azure Active Directory > Properties.
- Click Copy to copy the Tenant ID, and save it somewhere
safe.
For more information about Tenant ID, see How to find your Azure Active Directory tenant ID on the Microsoft Documentation page.
- Use an application such as IBM API Connect Test and Monitor or Postman to submit a POST
request to generate an access token and a refresh token that will be used to interact with Microsoft
Power BI on your behalf. Specify the following parameters:
- Request URL:
https://login.microsoftonline.com/organizations/oauth2/v2.0/token
- Content-Type:
application/x-www-form-urlencoded
- Request parameters:
Key Value client_id Set this to the Application (client) ID value that was generated for your registered app. scope Directory.ReadWrite.All offline_access grant_type password client_secret Set this to the client secret value that was generated under Certificates & secrets for your registered app. userName Set this to the username that was used to log in to the Azure portal. password Set this to the associated password for the username
- Request URL: