pbi-embedded-sec-node

Abstract

This repository walks you through the steps required to create a web application that exposes (publishes) Power BI reports to a large number of users who do not have 'Pro' user licenses. This is a common use case for health organizations, public transportation, finance, etc. The solution outlines the architecture and the Azure assets required, and guides you on how to secure your application. It uses Power BI Embedded with Node. This project is forked from Samples, focusing on the Node flavor.

Use Case

Your organization has collected data, or is aiming to collect it. You have a great reporting team that produces amazing reports from the collected data; these reports can help others achieve their goals, save lives, plan for traffic jams, or reach any other target. But you have only a few 'Pro' licenses, and you don't aim to create a premium account just yet. With Power BI Embedded, you can publish the reports to a large community. But you don't want just anyone to have access: you have restriction requirements, whether from regulation or a business decision.

Implementation Steps

To build your own application, follow these high-level guidelines:

  • Clone this repo to your local machine
  • Obtain required parameters for your Power BI report
  • Create Service Principal(s): one for the PBI access and another for the authorization of the WebApp
  • Allow the principal to leverage the embedded capacity
  • Deploy your application to Azure
  • Add authentication/authorization to the application
  • Add WAF
  • Invite users to your application

Solution Architecture

Architecture

Power BI Embedded Capacity

You will need a dedicated compute resource to render and display your reports. A capacity is attached to a Power BI workspace and can be either a Power BI Premium or Embedded Analytics Capacity. You can review the differences between the two in this detailed whitepaper.

You can plan your deployment size using the assessment tool and use these performance best practices documents for tuning your deployment: PBI reports, PBI Embedded.

Web App

Web App is a common PaaS solution that allows developers to host their code quickly and lets the developer focus on the application rather than anything else. A Web App can host applications written in multiple languages. In this example we are using a Node-based application. If this is your first time using one, we suggest you follow a tutorial to get familiar with the concepts.

Note: A .env-template file is provided here; you will need to edit it and enter your specific information.

Securing Web App

In most cases, you will need to use the user context to enable specific authorization access, either to areas in your app or to pass the user context through to the Power BI report/dashboard. The following are two main repositories that showcase the abilities and capabilities of MSAL.
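One way to pass the user context through to the report is as the effective identity in the body the server sends to the Power BI REST "Generate Token" API. The sketch below is an added example, not code from this repository: it assumes the dataset defines row-level security roles and that the auth layer has already validated the token; `ROLE_MAP`, `buildEmbedTokenRequest`, the role names and all IDs are hypothetical.

```javascript
// Added example. ROLE_MAP, buildEmbedTokenRequest and all IDs are hypothetical.
// App role (from the verified token's `roles` claim) -> RLS role in the dataset.
// A Map avoids prototype keys such as "constructor" resolving to a truthy value.
const ROLE_MAP = new Map([
  ['Reports.Regional', 'RegionalViewer'],
  ['Reports.National', 'NationalViewer'],
]);

// claims: payload of a token the auth layer (e.g. MSAL) has ALREADY validated
// (signature, issuer, audience, expiry). Never build it from request fields.
// report: { reportId, datasetId } taken from server-side configuration.
function buildEmbedTokenRequest(claims, report) {
  const username = claims && claims.preferred_username;
  if (typeof username !== 'string' || username.trim() === '') {
    throw new Error('no verified username in token claims');
  }
  const appRoles = Array.isArray(claims.roles) ? claims.roles : [];
  const rlsRoles = [...new Set(
    appRoles.map((r) => ROLE_MAP.get(r)).filter((r) => r !== undefined)
  )];
  // Deny by default: a signed-in user with no mapped role gets no embed token.
  if (rlsRoles.length === 0) {
    throw new Error(`user ${username} has no report role assigned`);
  }
  return {
    datasets: [{ id: report.datasetId }],
    reports: [{ id: report.reportId, allowEdit: false }], // view only
    identities: [{ username, roles: rlsRoles, datasets: [report.datasetId] }],
  };
}

// Constructed sample input (not real users or report IDs).
const sampleClaims = {
  preferred_username: 'nurse1@contoso.example',
  roles: ['Reports.Regional', 'Reports.Regional', 'Unrelated.Role'],
};
const sampleReport = {
  reportId: '00000000-0000-0000-0000-000000000001',
  datasetId: '00000000-0000-0000-0000-000000000002',
};
console.log(JSON.stringify(buildEmbedTokenRequest(sampleClaims, sampleReport), null, 2));
```

The username and roles come only from verified claims, so a browser cannot request another user's view of the data by changing a query parameter.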

Active Directory setup

It is recommended to use a Service Principal, because users might leave an organization, have their authorization altered, etc. In this repository, we cover the steps required to create a service principal and enable its access to embedded capacity. The following guide contains step-by-step instructions on how to create a service principal.

Another service principal is required to read user information from the Graph API. Please see this guide to create one.

Power BI - One time setup

There are two options to consume PBI embedded capacity, see license types for more details.

The MasterAccount user or Service Principal does not automatically have permissions on all your PBI assets; therefore, you will need to grant it access to the Power BI workspaces where the reports you're going to embed reside.

Associate Embedded Capacity

This document provides detailed instructions for the entire process, from creating the service principal to associating it with your public Power BI workspace.

Lastly, to wrap it all up - see this tutorial for associating the capacity.

WAF setup

Follow this quick start to deploy a WAF V2.

Note: when configuring the HTTP setting, toggle "Override with new host name" to Yes.