Skip to main content

Using Power BI Service with token-based authentication

You can publish and share reports in Power BI Service, so that other users can also run them. This can be achieved with token-based authentication and Microsoft Entra ID.

note

If you manage AtScale users with Microsoft Active Directory and either Kerberos or NTLM, see Using Power BI Service with Windows Authentication.

Before you begin

Ensure your system meets the following requirements:

Configuring Power BI Gateway

The following steps should be performed by an AtScale administrator:

  1. Install Power BI Gateway on a Windows machine that is in the same domain as your Directory server.

    This server should be reachable from Power BI Service via a secure connection (for example, IP Sec Tunnel), and should be able to access your AtScale server. For more information see the Power BI Gateway documentation.

  2. Login to Power BI Service as a pbi service admin and go to Settings > Manage Gateways. Follow the Microsoft documentation instructions to connect to your Gateway.

  3. Click Add Datasource on the Manage Gateways screen.

  4. Give your AtScale datasource a name and select Analysis Services as the data source type.

  5. Enter the necessary connection information to connect to the AtScale system:

    1. In Design Center, obtain the connection string for the catalog you want to connect to:

      1. Click the profile icon in the top right corner of Design Center. The Account panel opens.
      2. Click Generate XMLA token.
      3. Open the Deployed Catalogs panel, then open the catalog you want to connect to.
      4. On the Connect tab, copy the MDX + Token connection string.

    2. Replace the personal token at the end with the service token.

    3. Enter this URL in Power BI Service.

  6. Click Add. A connection confirmation indicates that Power BI Service successfully completed the authentication.

Now model designers can start creating reports as described in the next section.

Creating and publishing reports

The following steps should be performed by a model designer:

  1. In Design Center, obtain the connection string for the catalog you want to connect to:

    1. Click the profile icon in the top right corner of Design Center. The Account panel opens.
    2. Click Generate XMLA token.
    3. Open the Deployed Catalogs panel, then open the catalog you want to connect to.
    4. On the Connect tab, copy the MDX + Token connection string.

  2. Create a report using Power BI Desktop connected to the AtScale model.

    This should be done using the connection string copied above.

  3. Once ready, publish the report to the Power BI Service by clicking the Publish button (must be logged in to Power BI Service).

    Consider that at that point the report is still not executable by end users.

  4. Request approval from the AtScale administrator for the report to be activated in the portal.

    For example, this could be done by saving the report as a file with .pbix extension and sending it to the administrator.

The administrator should proceed as described in the next section.

Approving and sharing the report

An administrator should approve a report in the following way:

  1. Open and review the received report in Power BI Desktop.
  2. Go to Transform data > Data source settings and replace the personal token in the URL with the service token.
  3. Share the report.

Now the model designer should share the report in the following way:

  1. Using the same account that you used to author the report, log on to the Power BI Service.
  2. Find the new report in the workspace you selected when publishing. Click the Share icon.
  3. Type in the user names of the other users that you want to run the report and click the Share button.

Other Power BI Service users will now be able to run the report. Additionally, their identity will be used to enforce runtime model security and will be displayed on the AtScale Query page.

More Information