Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
mrhodes
Regular Visitor

Power BI Embedded and Azure Active Directory Authentication

Power BI Embedded and Azure Active Directory Authentication – There is limted documentation available at this time and we know the service is still in preview, but we read that Power BI Embedded supports token level authentication and Azure Active Directory Authentication. Code examples are provided for token level authentication, but we have not seen any for Azure Active Directory Authentication.  Are there any examples available connecting to Power BI Embedded workspaces with Azure Active Directory Authentication.

13 REPLIES 13
Anmolgan
Post Prodigy
Post Prodigy

I  am also trying to achive the similar scenerio!!

but I am not able to do so, How will I be able to achive this I am using the app owns data scnerio, but nowhere its written how and where I have to do this. Guidence is all we need.

Hi.

The feature of passing AAD token to SQL Azure is currently not supported in "App owns data" scenario.

We are currently looking into this ask.

 

Consider using "User owns data" for this flow for now.

 

Eli.

 

You are saying that I cant design an application that gives access to users by matching there credentials from a database and opening a particular report for them using AAD Authorization??


If Not Then are there any ways So that I can achive this scenerio?

In "App owns data" scenario, there is no way to pass user AAD token through PowerBI to SQL Azure.

 

 

Eli.

So are there any other scnerios where this is possible?

In "User own data", users' AAD will be passed to SQL Azure, if his datasource is configured to do that.

 

shanu_123
Frequent Visitor

I'm facing similar problem, i have downloaded the sample Powerbi embedded App_own_data for the native app, it's working but i want user authentication to application from azure AD, I have also implemented "rls" but I have to pass username static in that can anybody please provide guidance.... 

jeffabailey
New Member

I'm also trying to achieve a similar scenario.

 

  1. Create a direct query report in the Power BI portal pointing to a sql azure database
  2. Set the datasource of the report's dataset to a read only replica in Azure via the portal API
  3. Allow an Azure AD authenticated user to access the dataset with the previously set datasource

I did not find a way to make use of the on behalf of token in the connection string since it's not possible to pass the token in the connection string currently.

 

https://github.com/Azure/azure-content-nlnl/blob/master/articles/sql-database/sql-database-aad-authe...

 

I would like to know if this is even possible and if not if there is any plan to allow for passing an authentication token in the actual connection string to sql server. I don't understand why this would never be possible given the fact that people already store sensitive credentials in the connection string the world over. Maybe this isn't the right forum for this question but a referral to the appropriate place to ask for this would also be useful.

 

Thanks

jocaplan-MSFT
Employee
Employee

Power BI Embedded leaves authentication and authorization up to the application that it is embedded into. You Can have your users sign into your app any way you want to (including AAD) and then your app can delegate permissions to Power BI using app tokens.

We need the credential of the current authenticated user to be able to flow through so it can be passed to the credentials for the dataset level access. e.g. connection to the azure sql database. ultimately the connection to the database needs to be under the context of the current logged in user. a fixed service account will not allow sql to know what user is requesting the data so we can only send the data relevant to that user. 

Anonymous
Not applicable

If you used the regular PBI and not the Embedded, then you could use the new Row Level Security feature, that is available in preview since a few weeks:

https://powerbi.microsoft.com/en-us/documentation/powerbi-admin-rls/

 

But I'm afraid you cannot use it with PBI Embedded.

 

Instead you could use predefined filters of your own for your embedded reports / tiles based on the user context. That's not super bullet-proof, but it does the job.

Anonymous
Not applicable

It sounds like a totally different scenario, and not really related to authentication. As far as I know user context is not available at all. Especially not in PBI Embedded, where the user is not impersonated, but a sinble application token is used. In the "conventional" version the logged in user can be used for row level security, when the datasource is an SSAS cube. But that's not applicabple here.

 

Folks, correct me if I'm wrong. But I thin you need a different approach here. Authentication tricks won't help you in this regard.

pritesho
Helper I
Helper I

Try Option 7 on the sample to configure your AD account.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors