PowerBI

Seemore natively supports PowerBI, which allows you to seamlessly integrate your PowerBi with your Seemore workspace.

Register application in Microsoft Entra ID

  1. Log in to the Azure portal: https://portal.azure.com/

  2. Open the menu and click Azure Active Directory.

  3. In the left menu, under the Manage section, click App Registrations.

  4. At the top of the page, click the New registration button.

  5. In the resulting page, enter the following information:

    • For Name enter a name for the integration. For example, SeemoreowerBIIntegration.

    • For Supported account types select Accounts in this organizational directory only (<directory> only - Single tenant).

  6. At the bottom of the page, click the Register button.

Client secret

  1. In the left menu of the app registration, under the Manage section, click Certificates & secrets.

  2. Under the Client secrets tab, click the New client secret button.

  3. Enter a description and set the expiration.

  4. At the bottom of the page click the Add button.

  5. For your create secret, under the Value column, click the copy icon to copy the secret value.

Security group

  1. Open the menu and click Azure Active Directory.

  2. In the left menu, under the Manage section, click Groups.

  3. At the top of the page, click the New group button.

  4. Set the Group type to Security.

  5. Enter a Group name and (optionally) a Group description.

  6. Under Members click the No members selected link.

  7. Add the appropriate member:

    • For Delegated User authentication: search for the user and select it.

    • For Service Principal authentication: search for the application registration created earlier and select it.

  8. Click Select and then Create.

By the end of these steps, you have registered an application with Microsoft Entra ID and created a Security Group with the appropriate member.

Configure authentication options

Seemore supports two authentication methods for fetching metadata from Microsoft Power BI:

Service principal authentication (recommended)

When using Service Principal authentication, you must decide how the connector shall access metadata to catalog assets and build lineage. There are two supported options:

Admin API

This option grants permissions that let the service principal to access only admin-level Power BI APIs. In this mode, Seemore extracts metadata exclusively using administrative endpoints. This option is recommended for stricter access control environments.

  1. Log in to the Power BI admin portal: https://app.powerbi.com/admin-portal

  2. From the menu under Admin portal click Tenant settings.

  3. Under the Developer settings heading, expand the Allow service principals to use Power BI APIs expandable and ensure this is Enabled.

    1. Under Specific security groups (Recommended) add the security group created above.

    2. At the bottom of the expanded section click the Apply button.

  4. Under the Admin API settings heading, expand the Allow service principals to use read-only Power BI admin APIs expandable and ensure this is Enabled.

    1. Under Specific security groups add the security group created above.

    2. At the bottom of the expanded section click the Apply button.

  5. Still under the Admin API settings heading, expand the Enhance admin APIs responses with detailed metadata expandable and ensure this is Enabled.

    1. Under Specific security groups add the security group created above.

    2. At the bottom of the expanded section click the Apply button.

  6. Still under the Admin API settings heading, expand the Enhance admin APIs responses with DAX and mashup expressions expandable and ensure this is Enabled.

    1. Under Specific security groups add the security group created above.

    2. At the bottom of the expanded section click the Apply button.

Configure Admin and Non-Admin API Access in PowerBI Service Portal

To enable both admin and non-admin API access:

  1. Log in to the Power BI admin portal.

  2. Click Tenant settings under Admin portal.

  3. Under Developer settings:

    1. Expand Service principals can use Fabric APIs and set to Enabled.

    2. Add your security group under Specific security groups.

    3. Click Apply.

  4. Under Admin API settings:

    1. Expand Enable service principals to use read-only Power BI admin APIs and set to Enabled.

    2. Add your security group.

    3. Click Apply.

    4. Expand Enhance admin APIs responses with detailed metadata and set to Enabled.

    5. Add your security group.

    6. Click Apply.

    7. Expand Enhance admin APIs responses with DAX and mashup expressions and set to Enabled.

    8. Add your security group.

    9. Click Apply.

    After making these changes, you typically need to wait 15-30 minutes for the settings to take effect across Microsoft's services.

Service principal as a workspace viewer

  1. Log in to the Power BI portal and go to the homepage.

  2. From the menu on the left, open Workspaces and then the workspace you want to access from Seemore.

  3. Above the table, click the Access button.

  4. In the resulting panel:

    1. Inside the text box that says Enter email addresses enter the name of the security group you created above.

    2. Change the drop-down below this to Viewer.

    3. Below the drop-down, click the Add button.

Delegated user authentication

Adding Permissions:

In your app’s dashboard, go to API permissions from the left-side menu.

  1. Click "Add a permission".

  2. Add Power BI Service Permissions

    • Select "Power BI Service" from the Microsoft APIs list.

    • Under Delegated permissions, add the following:

      • Tenant.Read.All

    • Click Add permissions.

  3. Add Microsoft Graph Permissions

The Microsoft Graph API Permissions is required In order to generate insights regarding inactive user accounts.

  • Go back to "Add a permission".

  • Select Microsoft Graph.

  • Under Application permissions, add the following:

    • Directory.Read.All under Directory.

    • User.Read.All under User.

    • Click Add permissions.

  1. Grant Admin Consent

  • After adding the permissions, an Admin Consent button may appear

  • Click Grant admin consent to finalize the configuration.

Note: Ensure that the service principal and the security group have been set up and configured properly to avoid access issues when using the Power BI APIs and workspaces.

Verify Permissions

  1. Go back to the API permissions page.

  2. Ensure the permissions list includes:

    • Power BI Service: Tenant.Read.All

    • Microsoft Graph: Directory.Read.All and User.Read.All

  3. Confirm the status shows that admin consent has been granted if needed.

Admin API settings configuration

To enable the Microsoft Power BI admin API:

  1. Log in to the Power BI admin portal.

  2. Click Tenant settings under Admin portal.

  3. Under Admin API settings:

    • Expand Enhance admin APIs responses with detailed metadata and set to Enabled

      • Add your security group

      • Click Apply

    • Expand Enhance admin APIs responses with DAX and mashup expressions and set to Enabled

      • Add your security group

      • Click Apply.

PreviousLookerNextRedshift

Last updated