Before you configure the connection properties, make sure to complete the following prerequisites:
1Configure the following prerequisites in Power BI:
aCreate a workspace.
bCreate a lakehouse in the workspace. Ensure that you have admin privileges to create the lakehouse.
2Configure the following prerequisites in the Azure portal:
aCreate an application in Azure Active Directory and generate client ID, tenant ID, and client secret.
bCreate a security group in Azure Active Directory and add owners or members to the security group.
3Enable the Power BI service admin settings to allow the Azure Active Directory application to use the Power BI APIs.
4Add the Azure Active Directory application to the workspace in Power BI.
Creating a workspace in Power BI
You must access your Power BI account and create a workspace.
1Log in to your Power BI account.
2On the home page, click Power BI, and then click Data Engineering.
3Click Workspaces, and then click New workspace to create a new workspace.
4On the Create a workspace page, enter the details for the new workspace.
aIn the Name field, enter the workspace name.
bIn the Description field, provide a description for the workspace.
cOptionally, assign the workspace to a domain.
dClick Apply.
Creating a lakehouse in the workspace
You need to create a lakehouse in the workspace that you created in Power BI.
1Navigate to the workspace you created.
2Click New, and then click Lakehouse to create a new lakehouse.
3Enter a name for the new lakehouse, and then click Create.
Creating an application in Azure Active Directory
In the Azure portal, you need to create an application in Azure Active Directory and generate client ID, tenant ID, and client secret.
1Log in to the Azure portal.
2Click Azure Active Directory.
3In the Manage section, click App registrations.
4Click New registration to create a new Azure Active Directory application.
5On the Register an application page, enter the details for the new application.
aIn the Name field, enter the application name.
bIn the Redirect URI section, select Web as the type of the application and enter the URL of the application.
cClick Register.
The details of the newly created Azure Active Directory application page are displayed.
6In the Manage section, click Certificates & secrets.
7Click New client secret.
8In the Add a client secret page, perform the following steps:
aEnter a name for the client secret in the Description field.
bIn the Expires field, you can select the duration of the key as Never(Recommended).
cClick Add.
dThe value of the key is generated and displayed in the Value field.
Note: You must copy the key value as you cannot retrieve the value once you leave the page. Ensure that the client secret does not contain special characters.
After you register the application, you can continue without assigning any API permissions to the application. If the application is assigned some default permissions, you can remove them.
Creating a security group in Azure Active Directory
After you create an application, you need to create a security group in Azure Active Directory and add owners or members to the group.
1Click Azure Active Directory.
2In the Manage section, click Groups.
3Click New group to create a new group in Azure Active Directory.
4On the New Group page, enter the details for the new group.
aSelect a Group type.
bIn the Group name field, enter the group name.
cIn the Group description field, add a description to the group.
dSelect a Membership type.
eOptionally, you can add members or users to the group. Click the link under Owners or Members to populate a list of every user or member in your directory. Choose users or members from the list, and then click Select.
5Click Create.
Enabling the Power BI service admin settings
In the Power BI account, enable the Power BI service admin settings to allow Azure Active Directory application to access the Power BI APIs.
1Log in to your Power BI account.
2Navigate to Tenant settings, and then click Developer settings.
3Enable Embed content in apps for the entire organization or the security group you created in Azure Active Directory, and then click Apply.
4Enable Allow service principals to use Power BI APIs for the entire organization or the security group you created in Azure Active Directory, and then click Apply.
Adding the Azure Active Directory application to the workspace
In the Azure portal, add the Azure Active Directory application to the workspace to provide access to your Power BI reports, dashboards, and datasets.
1 Navigate to the workspace that you created.
2From the More options menu, select Workspace access.
3In the Manage access pane, search for the Azure Active Directory application that you want to add to the workspace.
4In the search results, select the Azure Active Directory application and click Add people or groups.
5 Assign an appropriate role to the Azure Active Directory application from the list based on the capabilities you require, with the maximum number of capabilities associated with the admin role and the minimum number of capabilities with the viewer role:
- Admin
- Member
- Contributor
- Viewer
Note: The capabilities associated with the viewer role is insufficient to successfully run tasks. You would require at a minimum the contributor role to access Microsoft Fabric OneLake and perform read and write operations.
