Register an Azure AD application to use with Power BI
To use Power BI embedded analytics, you need to register an Azure Active Directory (Azure AD) application in Azure. The Azure AD app establishes permissions for Power BI REST resources, and allows access to the Power BI REST APIs.
Determine your embedding solution
Before registering your app, decide which of the following solutions is best suited for you:
Embed for your customers
Use the embed for your customers solution, also known as app owns data, if you're planning to create an application that's designed for your customers. Users don't need to sign in to Power BI or have a Power BI license to use your application. Your application will use one of the following methods to authenticate against Power BI:
- Master user account (a Power BI Pro license used for signing in to Power BI)
The embed for your customers solution is usually used by independent software vendors (ISVs) and developers who are creating applications for a third party.
Embed for your organization
Use the embed for your organization solution, also known as user owns data, if you're planning to create an application that requires users to use their credentials to authenticate against Power BI.
The embed for your organization solution is usually used by enterprises and big organizations, and is intended for internal users.
Register an Azure AD app
The easiest way to register an Azure AD app is by using the Power BI embedding setup tool. The tool offers a quick registration process for both embedding solutions, using a simple graphical interface.
If you're creating an embed for your organization application, and want more control over your Azure AD app, you can register it manually in the Azure portal.
Before you register a Power BI app, you need an Azure Active Directory tenant and an organizational user.
These steps describe how to register an Azure AD application for the Power BI embed for your customers solution.
The following instructions will not work for GCC customers. If you are embedding for a GCC, follow the instructions for Manual registration.
- Open the Power BI App Registration Tool.
- In the Choose an embedding solution section, select Embed for your customers.
- In Step 1 - Sign in to Power BI, sign in with a user that belongs to your Power BI tenant. The Azure AD app will be registered under this user.
  If you're already signed in, verify that you're signed in with the user you want to use for creating the Azure AD app. To change a user, select the sign out link and, once the tool restarts, sign in again.
- In Step 2 - Register your application, fill in the following fields:
  - Application Name - Give your application a name.
  - API access - Select the Power BI APIs (also known as scopes) that your application needs. You can use Select all to select all the APIs. For more information about Power BI access permissions, see Permissions and consent in the Microsoft identity platform endpoint.
  Your Azure AD app Application ID is displayed in the Summary box. Copy this value for later use.
- (Optional) In Step 3 - Create a workspace, you can create a workspace in Power BI service.
  - If you already have a Power BI workspace, select Skip.
  - To create a workspace, enter a name for your workspace and select Create workspace. Your Workspace name and ID appear in the Summary box. Copy these values for later use.
  For the embedded analytics sample app to work as expected, you have to create a workspace using the tool.
- (Optional) In Step 4 - Import content, select one of the following options:
  - If you have your own Power BI app, you can select Skip.
  - If you want to create a sample Power BI app using a sample report, select Sample Power BI report and then select Import.
  - If you want to create a sample Power BI app using your own report, select Upload a .pbix file, browse for your file and then select Import.
- In Step 5 - Grant permissions, select Grant permissions and in the pop-up window select Accept. This allows your Azure AD app to access the APIs you selected (also known as scopes) with your signed-in user. This user is also known as the master user.
- (Optional) If you created a Power BI workspace and uploaded content to it using the tool, you can now select Download sample application. Make sure you copy all the information in the Summary box.
  If you skipped the optional stages, you can still download a sample Power BI app. However, the code in the downloaded app will lack the properties that you didn't fill in during registration. For example, if you didn't create a workspace, the sample app will not include the workspace ID.
Change your Azure AD app's permissions
After you register your application, you can make changes to its permissions. Permission changes can be made programmatically, or in the Azure portal.
Azure AD app permissions are only applicable for these scenarios:
- Embed for your organization
- Embed for your customers with the master user authentication method
In the Azure portal, you can view your app and make changes to its permissions.
- Sign in to the Azure portal.
- Select your Azure AD tenant by selecting your account in the upper right corner of the page.
- Select App registrations. If you can't see this option, search for it.
- From the Owned applications tab, select your app. The application opens in the Overview tab, where you can review the Application ID.
- Select the View API permissions tab.
- Select Add a permission.
To add permissions, follow these steps (note that the first step is different for GCC apps):
- From the Microsoft APIs tab, select Power BI service.
  For GCC apps, select the APIs my organization uses tab, and search for either Microsoft Power BI Government Community Cloud or fc4979e5-0aa5-429f-b13a-5d1365be5566.
- Select Delegated Permissions and add or remove the specific permissions you need.
- When you're done, select Add permissions to save your changes.
To remove a permission, follow these steps:
- Select the ellipsis (...) to the right of the permission.
- Select Remove permission.
- In the Remove permission pop-up window, select Yes, remove.
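After adding or removing delegated permissions, you can confirm what the app actually receives by reading the scp claim of an access token issued to it for Power BI and comparing it with the scopes the app needs. The following is an added example, not part of the original article or of any Microsoft tool; the REQUIRED_SCOPES set is an assumption about one read-only embedding app, and the sample token is constructed and unsigned.

```python
import base64
import json

# Assumption: this app only needs read access to reports, datasets and workspaces.
REQUIRED_SCOPES = {"Report.Read.All", "Dataset.Read.All", "Workspace.Read.All"}


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt):
    """Return the payload claims of a compact JWT (inspection only, no signature check)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def audit_scopes(jwt, required=REQUIRED_SCOPES):
    """Compare the delegated scopes in the token's scp claim with what the app needs."""
    granted = set(token_claims(jwt).get("scp", "").split())
    excess = granted - set(required)
    return {
        "missing": sorted(set(required) - granted),
        "excess": sorted(excess),
        # Write-capable scopes the app does not need are the first to remove.
        "excess_write": sorted(s for s in excess if "Write" in s),
    }


def make_sample_token(scopes):
    """Constructed, unsigned token standing in for one issued to the app."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"aud": "https://analysis.windows.net/powerbi/api", "scp": " ".join(scopes)}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(payload), "constructed"])


if __name__ == "__main__":
    # Constructed grant resembling a registration made with Select all.
    sample = make_sample_token([
        "Report.Read.All", "Dataset.Read.All", "Workspace.Read.All",
        "Report.ReadWrite.All", "Tenant.ReadWrite.All", "Content.Create",
    ])
    print(audit_scopes(sample))
```

Any scope reported under excess is a candidate for the Remove permission steps above, because the master user's token carries every delegated permission that was granted.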