Home  >  Power Automate / Power BI

Create a Power BI Service Principle Profile

Published date

Last modified date

Author

For Power Automate to use the Power BI Rest API it needs a service principle profile. This is created by creating an app registration that has the right permissions. This allows an app, e.g. Power Automate, to establish a trust relationship with the Microsoft identity platform. This is done using Entra Admin Center (previously known as Active Directory)

This post is part of the Power Automate and Power BI Rest API series

Create App Registration

Navigate to https://entra.microsoft.com/. Then in the menu expand Identity and under that Applications. Finally click on App Registrations to open the list of App Registrations. It defaults to list registrations owned by you.

App Registration list

Click on New registration to start creating your App registration. Enter a name for your application, remember to make clear as over time the list will grow. Leave rest of the options as default and press the Register button.

Entering App Registration name and register

Change App Registration Ownership

It is recommended that you add owners to the registration. Click on Owners, then click on Add Owners and select the owners. App owners and administrators can view and edit app registrations.

list of app registration owners

Adding API Permissions

Permissions need to be given to the App Registration based on what you want to do. The Power BI Rest API documentation at https://learn.microsoft.com/en-us/rest/api/power-bi/groups/create-group states you need Workspace.ReadWrite.All.

Click on API Permissions and then click on Add a permission. When the list of APIs appear, select Power BI service. Then select Delegated permissions and from the list of permissions select Workspace.ReadWrite.All. It is good practice to only add the permissions you need.

Adding an API permission steps

Adding a Secret

The final step in App Registration is to add a secret. This will be required by anyone using the app registration.

Click on Certificates & secrets, then click on New client secret. Enter in a description, I chose to keep the default 6 months expiration. Click Add to finish creating the secret.

Once the list appears you must copy the secret value. This is the only chance you get.

Adding a secret to the service principal profile

Important Information

You will need the Secret value copied from the last section and the Tenant ID and Client ID. The final 2 values can be found by clicking on Overview. These values especially the secret need to be kept secure. So the next post is how to create an Azure Key Vault to store the values.

Finding the Client ID and Tenant ID

Conclusion

Understanding how App Extensions and Service Principals work is very useful not only for Power BI Rest api. The Microsoft Graph api can also be accessed using a service principal but that is a whole different series.

Categories:Power AutomatePower BI

Tags:

Laura GB

Over 20 year experience at being passionate about training, solving problems and loving a new challenge especially in the Microsoft's Power Platform suite.

Related Posts

1 Response

  1. Pingback: Power Automate and Power BI Rest API - Hat Full of Data