Power BI Lineage Plus Connector – Service Principal Setup

To enable Bigeye to connect to Power BI and retrieve data lineage, you will need to configure a service principal and provide the necessary credentials.

1. Create a Service Principal Application

1. Log in to the Azure Portal.

2. Navigate to App registrations.

3. Click New registration.

   • Input a registration name, e.g., Bigeye PowerBI Enterprise Application.
   • Choose the top supported account type.
   • Click Register.
   

4. Once created, you will be redirected to the App Registration page. Select the application you just created.

   • Copy the Application (Client) ID and Directory (Tenant) ID.
   

5. Navigate to the Certificates & secrets tab.

   • Generate a new secret by clicking New client secret.
   • Give the secret a name.
   • Copy the generated secret from the Value column. (This will be used for authentication later.)
   

6. Go to the Members tab of your security group.

   • Add the service principal you just created as a member.
   

2. Create a New Security Group

1. Go to Microsoft Entra ID.
2. Click on Groups.
3. Select New group.
   • Give the new group a name, e.g., BigeyePowerBISecurity.
   • Set the Group Type to Security.

3. Grant Power BI Access to the Security Group

1. Go to the Power BI website and open the Admin portal.

   

2. Under Tenant settings → Developer settings:

   • Allow service principals to use Power BI APIs.
   • Apply this setting to the security group created in Step 2 (Specific security groups).
   

3. Under Admin API settings:

   • Enable service principals to use the Admin APIs, enhanced metadata, and expressions.
   • Expand all panels and give the security group access to all three settings.
   

4. Give the Service Principal Access to Workspaces

1. Log in to the Power BI website and go to the Workspaces tab.
2. For each workspace:
   • Click Manage access.
   • Click Add people or groups.
   • Add the service principal (from Step 1) with Member privileges, then click Add.
   • Set access level to Member.
3. Repeat this process for all workspaces the service principal requires access to.

🚧

Make sure that the service principal is added to the appropriate workspaces and not the security group. Granting the security group access to the workspaces will not work as expected.

Configuration Parameters

The following fields can be configured:

• powerbi.authority
• powerbi.jersey.api.timeout
• powerbi.auth.header
• powerbi.resource
• powerbi.client.id
• powerbi.clientid.secret.password
• powerbi.extract.from.cloud
• powerbi.include.reports / powerbi.exclude.reports
• powerbi.download.reports
• powerbi.include.workspaces
• powerbi.include.premiumcapacity.workspaces
• powerbi.workspaceinfo.count
• powerbi.exclude.workspaces
• powerbi.scan.status.wait
• powerbi.read.from.json
• powerbi.read.from.json.location
• powerbi.temptablename
• powerbi.temptablename.exceptions
• powerbi.filter.visualizations.with.no.fields

Summary of Steps

1. Create a Service Principal application.
2. Create a new Security Group.
3. Grant Power BI access to the security group.
4. Grant workspace access to the service principal.