top of page
Writer's pictureSujosu Technology

Embedding Power BI Reports into Your Portal Using a Service Principal

Embedding Power BI reports into a custom portal provides users with seamless access to data visualizations while maintaining security and scalability. This article demonstrates how to integrate Power BI reports into a portal (e.g., a React.js application) using a service principal. It highlights key steps, best practices, and includes diagrams to simplify the process.


Why Use a Service Principal?

A service principal acts as an identity for automation and integration scenarios, ensuring secure, programmatic access to Power BI without requiring individual user authentication. This approach is ideal for embedding reports in custom applications.


Step-by-Step Guide


Step 1. Register an Application in Azure AD


  • Log in to the Azure Portal and navigate to Azure Active Directory.

  • Go to App Registrations and create a new application.

    • Name: Provide a meaningful name (e.g., PowerBIEmbeddingApp).

    • Redirect URI: Use a placeholder URI like https://localhost (not needed for this scenario).

  • After registration, note down the Application (Client) ID and Directory (Tenant) ID.

  • Secure these details by storing them in an Azure Key Vault.


Step 2. Create a Service Principal


  • In the registered application, navigate to Certificates & Secrets.

  • Generate a new Client Secret:

    • Name the secret and set an expiration period.

    • Copy the secret value immediately as it won’t be retrievable later.

  • Store the Client Secret securely in the Azure Key Vault.


Step 3. Assign API Permissions


  • In the Azure Portal, go to the API Permissions section of the registered application.

  • Add Power BI Service permissions:

    • Dataset.ReadWrite.All

    • Report.ReadWrite.All

  • Grant admin consent for these permissions.


Step 4. Set Up the Power BI Workspace


  • In the Power BI Service, create a dedicated Workspace.

  • Add the service principal as an admin or member of this workspace to grant it access to the reports and datasets.


Step 5. Retrieve an Access Token


  • To interact with Power BI APIs, the application must retrieve an access token. This is achieved via an Azure Function.

    Azure Function Code Example (e.g in Node.js)



  • Environment Variables: Store TENANT_ID, CLIENT_ID, CLIENT_SECRET, WORKSPACE_ID, and REPORT_ID securely in the Azure KeyVault.


Step 6. Embed the Report in React.js


React Code Example


  • Use the Power BI React Client for seamless embedding.

  • Ensure sensitive data remains on the server side to prevent exposure.


Step 7. Secure the Workflow


  • Token Security: Never expose the access token or client secret in client-side code.

  • Key Vault Integration: Store all sensitive details in Azure Key Vault and retrieve them securely in server-side functions.

  • Workspace Security: Grant the service principal access to only necessary workspaces and datasets.


Flow Diagram: How it Works


Below is the flow of embedding a Power BI report using a service principal:

  1. React.js Application calls the Azure Function API.

  2. The Azure Function authenticates using the service principal and retrieves the access token and embed URL from the Power BI API.

  3. The React.js Application uses this information to display the Power BI report.


Image: End-to-End Workflow

Security Best Practices


  1. Key Vault Integration: Use Azure Key Vault to store sensitive values like client ID, tenant ID, and client secret.

  2. Token Security: Never expose the access token in client-side code or logs.

  3. Workspace Restrictions: Assign the service principal access to only necessary workspaces and reports


Benefits of This Approach


  1. Scalability: Service principals eliminate user dependency, supporting automation and scaling needs.

  2. Security: Keeps credentials and access tokens secure on the server side.

  3. Ease of Integration: Simplifies embedding Power BI in any frontend framework like React, Angular, or Vue.js.


Conclusion

By leveraging a service principal, your application can securely and efficiently embed Power BI reports, delivering dynamic insights to users. Following this guide ensures a robust integration while adhering to best practices.

13 views0 comments

Comments


bottom of page