Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hi!
At first, I'd describe prerequisites:
We manage user's access through Power BI App, published from premium workspace and RLS model, configured on the level of Dataset. Access on the level of Power BI App/Permissions and on the level of Dataset/Security is configured with AD security groups.
On the level of Power BI Service configured: allow AD guest users to access Power BI.
Users could be found in AD groups with type Guest. (added by Invitation)
And we've faced with the problem of access for external users. If user goes by direct link for an Power BI App, provided by publisher, his logo is grey, but he has access and could operate with App and report.
If he authenticates from scratch to https://app.powerbi.com/home , he don't see shared with him Power BI App and can't find it in list of available. But logo this time uploads the picture from MS 365.
In both cases we see user1@externaldomain.com mail under logo. And in both cases he goes through MS authentication flow.
I've read in topic, that if they use direct link to the tenant, everything works perfectly. But today I've faced that it's not such stable.
Could you please advice, what should I do, for being sure, that in case of configuration by AD security groups user would have an access? What else should be checked and configured?
Thanks!
Solved! Go to Solution.
Hi @morozna ,
Pls check official articles for restrictions relating to.
External Azure AD B2B guests can view apps, dashboards, reports, and export data. They can't access workspaces or publish their own content. To remove these restrictions, you can use the Allow external guest users to edit and manage content in the organization feature.
To invite guest users, a Power BI Pro or Premium Per User (PPU) license is needed. Pro Trial users can't invite guest users in Power BI.
Information protection in Power BI doesn't support B2B and multi-tenant scenarios. This means that although external users may be able to see sensitivity labels in Power BI:
Some experiences are not available to guest users who can edit and manage content in the organization. To update or publish reports, guest users need to use the Power BI service, including Get Data, to upload Power BI Desktop files. The following experiences aren't supported:
Guest users using social identities will experience more limitations because of sign-in restrictions.
This feature isn't currently available with the Power BI SharePoint Online report web part.
There are Azure Active Directory settings that can limit what external guest users can do within your overall organization. Those settings also apply to your Power BI environment. The following documentation discusses the settings:
You can share content from a government cloud, like GCC, to an external commercial cloud user. However, the guest user can't use their own license. The content has to be in capacity assigned to Premium to enable access. Or, you can assign a Power BI Pro license to the guest account.
Sharing outside your organization isn't supported for national clouds, like the China cloud instance. Instead, create user accounts in your organization that external users can use to access the content.
If you share directly to a guest user, Power BI will send them an email with the link. To avoid sending an email, add the guest user to a security group and share to the security group.
And about Azure B2B and Guest Management Best Practices ,refer:
https://www.youtube.com/watch?v=8MWcd3dihqs
Did I answer your question? Mark my post as a solution!
Best Regards
Lucien
Hi @morozna ,
Pls check official articles for restrictions relating to.
External Azure AD B2B guests can view apps, dashboards, reports, and export data. They can't access workspaces or publish their own content. To remove these restrictions, you can use the Allow external guest users to edit and manage content in the organization feature.
To invite guest users, a Power BI Pro or Premium Per User (PPU) license is needed. Pro Trial users can't invite guest users in Power BI.
Information protection in Power BI doesn't support B2B and multi-tenant scenarios. This means that although external users may be able to see sensitivity labels in Power BI:
Some experiences are not available to guest users who can edit and manage content in the organization. To update or publish reports, guest users need to use the Power BI service, including Get Data, to upload Power BI Desktop files. The following experiences aren't supported:
Guest users using social identities will experience more limitations because of sign-in restrictions.
This feature isn't currently available with the Power BI SharePoint Online report web part.
There are Azure Active Directory settings that can limit what external guest users can do within your overall organization. Those settings also apply to your Power BI environment. The following documentation discusses the settings:
You can share content from a government cloud, like GCC, to an external commercial cloud user. However, the guest user can't use their own license. The content has to be in capacity assigned to Premium to enable access. Or, you can assign a Power BI Pro license to the guest account.
Sharing outside your organization isn't supported for national clouds, like the China cloud instance. Instead, create user accounts in your organization that external users can use to access the content.
If you share directly to a guest user, Power BI will send them an email with the link. To avoid sending an email, add the guest user to a security group and share to the security group.
And about Azure B2B and Guest Management Best Practices ,refer:
https://www.youtube.com/watch?v=8MWcd3dihqs
Did I answer your question? Mark my post as a solution!
Best Regards
Lucien
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
14 | |
6 | |
4 | |
3 | |
3 |
User | Count |
---|---|
15 | |
9 | |
5 | |
3 | |
3 |