Before you begin

• •Assign the required permissions.
• •Configure a connection to the Microsoft Power BI source system in Administrator.
• •Enable port 443 and configure your firewall to allow traffic to pass over port 443. The Secure Agent uses port 443 to connect to the internet.
• •If you use service principal authentication to authenticate your organization to the Microsoft Power BI service, enable read-only access to the Power BI admin API. For information about configuring service principal for read-only admin APIs, see HOW TO: Configure Service Principal for Microsoft Power BI.
• •In the Admin API settings section of the Power BI admin portal, enable the option Enhance admin APIs responses with DAX and mashup expressions.
• •Whether you authenticate using the administrator privileges or a service principal, enable Preview features for your organization to extract metadata from a Microsoft Power BI source system. Additionally, enable the enhanced metadata scanning feature to extract lineage from refreshed and republished datasets in your Microsoft Power BI environment.
For information about enabling Preview in Microsoft Power BI, see HOW TO: Enable Preview in Microsoft Power BI.
• •If you plan to connect Microsoft Power BI to Microsoft Azure through a REST API with the administrator user role, perform the following tasks:
1. 1Assign one of the following Power BI administrator privileges to the administrator user role:
• ▪ Microsoft 365 Global Administrator
• ▪ Power BI Service Administrator
2. 2Obtain administrator access at the workspace level.
• •Create endpoint catalog sources for connection assignment.

Verify permissions

Permissions for metadata extraction

• •Grants read permission to the user account to access the source system for Administrator user authentication.
• •Enables read-only access to the registered application for service principal authentication.

Permissions to run data classification

Permissions to run glossary association

Create a connection

1In Administrator, select Connections.
2Click Add Connection and select Microsoft Power Bl.
3Enter the connection properties.
The following table describes the connection properties:

Property	Description
Use Secret Vault	Stores sensitive credentials for this connection in the secrets manager that is configured for your organization. This property appears only if secrets manager is set up for your organization. When you enable the secret vault in the connection, you can select which credentials that the Secure Agent retrieves from the secrets manager. If you don't enable this option, the credentials are stored in the repository or on a local Secure Agent, depending on how your organization is configured. For information about how to configure and use a secrets manager, see Secrets manager configuration.
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Runtime Environment	The name of the runtime environment where you want to run tasks. Select a Secure Agent or serverless runtime environment.
Authentication Type	The authentication type to use for the connection. Choose to connect using the Admin User option or the Service Principal option.
Power BI service URL	The URL to access Microsoft Power BI and connect to the REST API. For example, https://api.powerbi.com/

4Based on the authentication type you selected, enter the following connection properties:

Admin User option

Specify the following properties:

Property	Description
Client ID	The ID to connect to the Microsoft Power BI cloud host. Enter the application ID or client ID for your Power BI app registered in Microsoft Azure Portal.
User Name	User name of the administrator to connect to the Microsoft Power BI cloud host.
Password	The password of the administrator account to connect to the Microsoft Power BI cloud host.

Service Principal option

Use the service principal authentication method for national clouds in the United States. If you use other national clouds, see Tutorial: Embed Power BI content into your application for national clouds.

Specify the following properties:

Property	Description
Authentication URL	URL for user authentication.
Scope	Parameter that the endpoint uses to authenticate the user.
Client ID	The ID to connect to the Microsoft Power BI cloud host. Enter the application ID or client ID for your Power BI app registered in Microsoft Azure Portal.
Tenant ID	Name of the Azure Active Directory tenant.
Client Secret	The client secret key to complete OAuth Authentication in the Azure Active Directory.

Proxy properties

If your organization uses an outgoing proxy server to connect to the Internet, the Secure Agent connects to Informatica Intelligent Cloud Services through the proxy server.

Specify the following properties:

Property	Description
Proxy Host	The host name or IP address of the outgoing proxy server.
Proxy Port	The port number of the outgoing proxy server.
Proxy User Name	Name of the authenticated user of the proxy server. Required if the proxy server requires authentication.
Proxy Password	Password for the authenticated user. Required if the proxy server requires authentication.

5Click Test.
6Click Save.

Create endpoint catalog sources for connection assignment