Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more.
Get startedGrow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.
Hi,
I want to consume the PowerBI resource using rest APIs. Is it possible to get the aceess token from Auth0 instead of service principal and configure the PowerBI to validate the aceess token for any rest Api call from Auth0(registered app in Auth0) instead of service principal(resgistered app in Azure portal).
Thanks
Rahul Rathor
Solved! Go to Solution.
Hi @rahulrathor ,
Please review the following link, hope its solution can help you.
Can Auth0 integrate PowerBI? - Auth0 Community
There may be two options for this integration:
Option 1 : Provisioning the users on Azure AD with Auth0 identities
This option is explained for Office 365 app but the same idea may apply for PowerBI too. In this option, the domain federation is done in Azure AD so it should work for every application that uses Azure AD to authenticate technically.
On the first link below, there is a sample rule to create any required licenses on the Azure AD side, so that after a user logs in using a 3rd party IdP e.g. Google through Auth0, Office 365 sees the user as a valid user.
1- https://auth0.com/docs/integrations/office-365-custom-provisioning
2- https://auth0.com/learn/sprinklr-achieves-impossible-sso-with-auth0/
Option 2: Leveraging Power-BI embedded row security feature:
With this option, you may send the user’s credentials obtained from a successful authentication through Auth0 to power-bi API as a proof of user identity. Here are some related links showing how to implement this.
1- Security in Power BI embedded analytics - Power BI | Microsoft Learn
2- Embedding and Report Filters - Microsoft Power BI Community
3- azure-content/power-bi-embedded-app-token-flow.md at master · uglide/azure-content · GitHub
Use the external Postman tool to acquire a token. For more information, see this Power BI Community thread. The request URL for a service principal must be
https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token
, but for a master user, it can be eitherhttps://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token
orhttps://login.microsoftonline.com/common/oauth2/token
.Follow the sample solutions at PowerBI-Developer-Samples. For example:
For Embed for your customers see this AadService.cs file. Find the
authorityUrl
andscopeBase
at AppOwnsData/Web.config.For Embed for your organization see this OwinOpenIdConnect.cs file. Find
authorityUrl
at UserOwnsData/Web.config.
Best Regards
Hello, I am wondering if what you got as a solution was helpful ? I am about to go through the same journey you are and we are actually thinking of not using Power BI because of the little to no documentation there is about Auth0 authentication registration.
From thr reply you got Option 1 is not an option for us and besides all of the links provided in it don't work, and option 2 is good but docs area a bit generic. Anyway, just asking in case you were successful in using Auth0 and Power BI.
Cheers!
Hi @rahulrathor ,
Please review the following link, hope its solution can help you.
Can Auth0 integrate PowerBI? - Auth0 Community
There may be two options for this integration:
Option 1 : Provisioning the users on Azure AD with Auth0 identities
This option is explained for Office 365 app but the same idea may apply for PowerBI too. In this option, the domain federation is done in Azure AD so it should work for every application that uses Azure AD to authenticate technically.
On the first link below, there is a sample rule to create any required licenses on the Azure AD side, so that after a user logs in using a 3rd party IdP e.g. Google through Auth0, Office 365 sees the user as a valid user.
1- https://auth0.com/docs/integrations/office-365-custom-provisioning
2- https://auth0.com/learn/sprinklr-achieves-impossible-sso-with-auth0/
Option 2: Leveraging Power-BI embedded row security feature:
With this option, you may send the user’s credentials obtained from a successful authentication through Auth0 to power-bi API as a proof of user identity. Here are some related links showing how to implement this.
1- Security in Power BI embedded analytics - Power BI | Microsoft Learn
2- Embedding and Report Filters - Microsoft Power BI Community
3- azure-content/power-bi-embedded-app-token-flow.md at master · uglide/azure-content · GitHub
Use the external Postman tool to acquire a token. For more information, see this Power BI Community thread. The request URL for a service principal must be
https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token
, but for a master user, it can be eitherhttps://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token
orhttps://login.microsoftonline.com/common/oauth2/token
.Follow the sample solutions at PowerBI-Developer-Samples. For example:
For Embed for your customers see this AadService.cs file. Find the
authorityUrl
andscopeBase
at AppOwnsData/Web.config.For Embed for your organization see this OwinOpenIdConnect.cs file. Find
authorityUrl
at UserOwnsData/Web.config.
Best Regards
User | Count |
---|---|
12 | |
5 | |
2 | |
1 | |
1 |
User | Count |
---|---|
14 | |
4 | |
3 | |
3 | |
2 |