cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

How to add a Service Principal as a Gateway Admin inorder to get a list of gateways using API ?

I need to get a list of all the Gateway clusters that is available in power bi portal. I went through the Rest Apis documentation(https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/getgateway) and found that this API requires gateway admin permissions. I am using a Service Principal and have the permissions scope Gateway.ReadWrite.All & DataSet.ReadWrite.All set. 
From the Power Bi portal, it is not possible to add a Service Principal as a gateway admin. I tried the following steps and not able to succeed:

  1. Tried to add a service principal as an admin to the Gateway from the UI using the service principal name and object id, but it is not allowing and throwing error:
    These email addresses are invalid or duplicate: Service Principal Name
    Specify at least one email address
  2. Tried to create an AD group and added the Service Principal to that group and tried to add this group as an admin from the UI, but it is also not allowing and throwing the same error:
    Specify at least one email address

On further analysis, found the powershell cmdlet DataGateway. Using this cmdlet, I am able to create a new gateway cluster with Service Principal as an admin and this gateway cluster is getting listed in the Get Gateways api.

But, I am not able to add the Service Principal as an admin to existing gateways using this powershell cmdlets also.

Is this the only possible solution to add a Service Principal as an admin to a Gateway Cluster ?
Is there any option to add Service Principal as an admin user to an existing Gateway Cluster using this powershell script ?

Do we have any API to add the Service Principal as an admin to the existing Gateway Cluster ?

 

1 ACCEPTED SOLUTION
V-lianl-msft
Community Support
Community Support

Hi @Anonymous ,

 

Within the Power BI Admin portal, we need to ensure that our Tenant settings allow service principals to use Power BI APIs. In addition, you can restrict access to the APIs through security groups.

For more details,please refer to:

https://www.serverlessnotes.com/docs/list-gateways-power-bi-rest-api 

 

Best Regards,
Liang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

View solution in original post

8 REPLIES 8
Christophe93
Helper II
Helper II

Hi  

On my opinion , for  aleady  existing  on prem. gataways ,  ADD  the Service principal  as gateway Admin 
<-- run via  powershell  only
https://blog.jpries.com/2021/11/25/adding-a-non-email-enabled-object-to-power-bi-gateway-cluster-use...

No  chance for me  via  anothers methods ... but I get your opinions 

On python call   gateways  inventory API  via this SP connection 

Christophe93
Helper II
Helper II

Hi

It's Impossible to add manually  a AAD SP    to a gateway   (As admin for example)

But it can be done via Powershell   

https://blog.jpries.com/2021/11/25/adding-a-non-email-enabled-object-to-power-bi-gateway-cluster-use...

chriswhite1
Regular Visitor

did you manage to find a solution to adding a Service principal to an existing gateway on PBI?

V-lianl-msft
Community Support
Community Support

Hi @Anonymous ,

 

Within the Power BI Admin portal, we need to ensure that our Tenant settings allow service principals to use Power BI APIs. In addition, you can restrict access to the APIs through security groups.

For more details,please refer to:

https://www.serverlessnotes.com/docs/list-gateways-power-bi-rest-api 

 

Best Regards,
Liang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

Hi @sreejiths,

I hope this topic is not stale for you.*

1- As advised in the documentation, add your Service Principal to a Security Group

2- Then go to the Power Platform Admin Portal > Data section and add this Security Group to your Gateway's Admins

 

Your Service Principal will then have access to the gateway.

 

Hope this helps !

 

Franck

Anonymous
Not applicable

Thanks for the reponse. The tenant level developer settings for using SPN are already given and as I mentioned in the above description, I was able to list the gateways that are created using the Powershell cmdlet. My concern is regarding adding the SPN as an admin to the the gateways that exists already. 

I am also having this problem, my SP is in a security group ,I have added the security group as admin on all the gateways, I have this security group allowed to use all the APIs in Power BI tenant settings.

Still, the SP call to api.powerbi.com/v1.0/myorg/gateways returns an empty list.

The SP is able to call all other API endpoints I have tried without a problem.

@duncanmi I am having the same issue. Is this something you where able to resolve?

Helpful resources

Announcements
Carousel_PBI_Wave1

2023 Release Wave 1 Plans

Power BI release plans for 2023 release wave 1 describes all new features releasing from April 2023 through September 2023.

Power BI Summit Carousel 2

Global Power BI Training

Make sure you register today for the Power BI Summit 2023. Don't miss all of the great sessions and speakers!

BizApps LATAM 2023

Business Application LATAM Summit 2023

Join the biggest FREE Business Applications Event in LATAM this February.

Power Platform Bootcamp

Global Power Platform Bootcamp

In this bootcamp we will deep-dive into Microsoft’s Power Platform stack with hands-on sessions and labs, delivered to you by experts and community leaders.