Hi everyone,

We've been using Power BI since late 2016, and in particular, Power BI Embedded. We started with the PBI Embedded Workspace Collection, and we're working on migrating to Power BI Embedded. After struggling for a while, we're nearly done; however, there's one last issue that has been giving us headaches: generating an embed token for an account other than my own. So, we can generate the token and render the PBI Embedded report when using my credentials, but not when using a different account (no way we're rolling anything to production with client users impersonating my account!).

Here's our setup (we're using Power BI Embedded in the "ISV scenario" - external clients):

Azure

1. Environment uses AD, and is synced to AAD. My account, and the second account are global admins (I'll dial that back as soon as I know that's not the issue).
2. In Azure, I created the Power BI Embedded (A1) resource, and I set the Access Control so my account and another account are admins/owners. The resource is running.
3. On https://dev.powerbi.com/apps, I setup the App Registration with appropriate permissions for this report. On Azure, I updated the owners and required permissions (for the API calls) so the second account has the exact same permissions as my account (I even clicked the "grant permissions" button to ensure the permissions propagated).
4. For AAD, I went to Enterprise Applications, found the App Registration I created, and then added my acount and the second account as users (default access). I also verified that Power BI API permissions are set as needed (Permissions). I'm not sure if that was necessary, but I was grasping at straws, so why not, right?

Power BI

1. Using my account on powerbi.com (Power BI Pro license), I created the reporting workspace for the migrated report.
2. The PBI Report we're migrating was developed using PBI Desktop. I used my account to publish it to this new workspace on powerbi.com.
3. I edited the workspace to make an additional user account an admin for that workspace. That user account also has a Power BI Pro license assigned.
4. The workspace has been edited so it uses the dedicated capacity on Azure that I created earlier.
5. The second account is the same between Azure and Power BI (obviously).

I have watched many of the videos from Adam Saxton (Microsoft/GuyInACube), and read numerous articles. Adam was even kind enough to reply to some of my tweets to try to help me. At this point, I'm stuck. We can use my account for the moment, but we really need to change the ownership over to this second account. I should be able to assign this account as an admin, and have it work, but that doesn't seem to be the case. We keep getting an error on the permissions when creating the token and rendering the report. Works for my account, but not the second account. What am I missing?