Prerequisites

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Before you install the Azure Power BI Scanner OCF connector, ensure that you have performed the following:

Enable Network Connectivity

Open outbound TCP port 443 on the Azure Power BI server for the REST API communication.

Note

If the Azure Power BI server is connected using proxy connection, open the inbound TCP port 3128.

Set Up the Azure Power BI Scanner

Setting up the Azure Power BI Scanner involves these steps:

Register an Application in Azure Portal

Register an application in Azure Portal to use as a service principal to access Power BI from Alation:

  1. Navigate to App registrations in Microsoft Azure Portal.

  2. Click New registration:

    ../../../_images/powerb2.png
  3. Provide the following information:

    • A name for the application

    • Select the account type Accounts in this organizational directory only (<Org Name> only - Single tenant)

    • The Power BI URL as Redirect URI: https://api.powerbi.com or https://api.powerbigov.us - for Azure Government Cloud

      ../../../_images/powerb3.png
  4. Click Register.

  5. On the next screen, locate Application (client) ID and Directory (tenant) ID. Save them for future reference.

    ../../../_images/powerb4.png
  6. On the left pane, click Certificates & secrets to generate the Client Secret.

    ../../../_images/powerb5.png
  7. Click New client secret under the Client secrets section.

    ../../../_images/powerb6.png
  8. On the popup window, provide the Description for the client secret and click Add.

    ../../../_images/powerb7.png
  9. Save the Client Secret for future reference.

Assign Workspace Permissions

Grant the application you created in Step 1 member-level access to the workspaces you plan to catalog in Alation. Member-level permissions enable the connector to extract report dimensions and dataflows. For steps, refer to Give users access to workspaces in Power BI in Power BI documentation.

Important

The Power BI Admin must provide member-level access of service principal to at least one workspace.

Create a Security Group for Azure Power BI Scanner

  1. Navigate to the Groups management section of Azure Portal.

  2. Click New group.

    ../../../_images/powerb8.png
  3. Enter the following details:

    • Select Security for Group Type.

    • Enter the Group Name and Group Description.

    • Under Members, add the app created in Step 1 as the member of the group.

    • Click Create.

    ../../../_images/powerb9.png

Enable Azure Power BI Scanner Service Admin Settings

For an Azure application to be able to access the Power BI content and APIs, a Power BI admin needs to set Enable service principal access in the Power BI admin portal.

  1. Login to Power BI.

  2. From the Settings menu, select the Admin portal:

    ../../../_images/powerb10.png
  3. Navigate to Tenant Settings > Developer Settings and perform the following configuration:

    3.1 Enable Allow service principals to use Power BI APIs.

    3.2 Select the Specific security groups and select the security group created in Step 3.

    3.3 Click Apply to apply the settings.

    ../../../_images/PowerBI_39.png
  4. Navigate to Tenant Settings > Admin API Settings and perform the following configuration:

    4.1 Enable Allow service principals to use read-only Power BI Admin APIs.

    4.2 Select the Specific security groups and select the security group created in Step 3.

    4.3 Click Apply to apply the settings.

    4.4 Similarly, enable the following flags:

    • Enhance admin APIs responses with detailed metadata

    • Enhance admin APIs responses with DAX and mashup expressions

    ../../../_images/powerb11.png
  5. In Tenant Settings, navigate to Gen1 Dataflow Settings:

    5.1 Enable Create and use Gen1 dataflows to extract the dataflow objects in Alation.

    5.2 Click Apply to save the settings.

    ../../../_images/powerb19.png

    Note

    The service principle requires member-level access to workspaces in Power BI to extract dataflows. The dataflow connection missing error may occur during extraction when workspace permissions are not available.

  6. Under Tenant Settings, navigate to Download Reports:

    6.1 Enabling Download Reports enables you to extract report fields into Alation. It is also required for Column Level Lineage.

    6.2 Click Apply to save the settings.

    ../../../_images/powerb21.png