Power BI Connector
Documentation
Version: 2
Documentation
Authentication

User Credentials


Description

Use delegated access (User Credentials) whenever you want to let a signed-in user work with their own resources or resources they can access. Whether it's an admin setting up policies for their entire organization or a user deleting an email in their inbox, all scenarios involving user actions should use delegated access. [API reference]

Instructions

Follow these simple steps below to create Microsoft Entra ID application with delegated access:

WARNING: If you are planning to automate processes, we recommend that you use a Application Credentials authentication method. In case, you still need to use User Credentials, then make sure you use a system/generic account (e.g. automation@my-company.com). When you use a personal account which is tied to a specific employee profile and that employee leaves the company, the token may become invalid and any automated processes using that token will start to fail.
  1. Navigate to the Azure Portal and log in using your credentials.
  2. Access Microsoft Entra ID.
  3. Register a new application by going to App registrations and clicking on New registration button:

    Start new app registration in Microsoft Entra ID
    INFO: Find more information on how to register an application in Graph API reference.
  4. When configuration window opens, configure these fields:

    • Supported account type
      • Use Accounts in this organizational directory only, if you need access to data in your organization only.
    • Redirect URI:
      • Set the type to Public client/native (mobile & desktop).
      • Use https://zappysys.com/oauth as the URL.
    Register app in Microsoft Entra ID
  5. After registering the app, copy the Application (client) ID for later:

    Copy client ID of Microsoft Entra ID app
  6. Copy OAuth authorization endpoint (v2) & OAuth token endpoint (v2) URLs to use later in the configuration:

    Copy Auth and Token URLs in Microsoft Entra ID app
  7. Now go to SSIS package or ODBC data source and use the copied values in User Credentials authentication configuration:

    • In the Authorization URL field paste the OAuth authorization endpoint (v2) URL value you copied in the previous step.
    • In the Token URL field paste the OAuth token endpoint (v2) URL value you copied in the previous step.
    • In the Client ID field paste the Application (client) ID value you copied in the previous step.
    • In the Scope field use the default value or select individual scopes, e.g.:
      • offline_access
      • https://analysis.windows.net/powerbi/api/Workspace.Read.All
      • https://analysis.windows.net/powerbi/api/Dataset.Read.All
      • https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All
  8. Press Generate Token button to generate Access and Refresh Tokens.
  9. Click Test Connection to confirm the connection is working.
  10. Optional step. Choose Default Workspace from the drop down menu.
  11. Choose Default Dataset from the drop down menu.
  12. Done! Now you are ready to use the API Connector!

Parameters

Parameter Required Default value Options
Name: AuthUrl

Label: Authorization URL

YES
Name Value
For Single Tenant https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/authorize
For Multi Tenant https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Name: TokenUrl

Label: Token URL

YES
Name Value
For Single Tenant https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/token
For Multi Tenant https://login.microsoftonline.com/common/oauth2/v2.0/token
Name: ClientId

Label: Client ID

YES
Name: Scope

Label: Scope

Permissions you want to use.
YES offline_access~https://analysis.windows.net/powerbi/api/Workspace.Read.All~https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All
Name Value
offline_access offline_access
https://analysis.windows.net/powerbi/api/Workspace.Read.All https://analysis.windows.net/powerbi/api/Workspace.Read.All
https://analysis.windows.net/powerbi/api/Dataset.Read.All https://analysis.windows.net/powerbi/api/Dataset.Read.All
https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All
Name: DatasetId

Label: Default Dataset (select after generating tokens)

YES
Name: ClientSecret

Label: Client Secret

Name: ReturnUrl

Label: Redirect URI (must match App Redirect URI)

The ReturnUrl must match the URL on the Authentication page for your Application (in Azure Portal, Azure Active Directory > App registrations > Application)
Name Value
https://zappysys.com/oauth https://zappysys.com/oauth
Name: WorkspaceId

Label: Default Workspace (Keep Empty for My Workspace - select after generating tokens)

Leave value empty to use your Power BI default Workspace
Name: RetryMode

Label: RetryMode

RetryWhenStatusCodeMatch
Name Value
None None
RetryAny RetryAny
RetryWhenStatusCodeMatch RetryWhenStatusCodeMatch
Name: RetryStatusCodeList

Label: RetryStatusCodeList

429|503
Name: RetryCountMax

Label: RetryCountMax

20
Name: RetryWaitTimeMs

Label: RetryWaitTimeMs

1000
Name: RetryMultiplyWaitTime

Label: RetryMultiplyWaitTime

True
Name: ExtraAttributesForAuthRequest

Label: Login options

Choose this if you want to force login prompt or permission prompt.
Name Value
None
Force login prompt prompt=login
Force permission select prompt=consent