Set up Microsoft Power BI

Atlan connects to Microsoft Power BI using a secure, least-privilege model. The integration reads metadata using Microsoft’s recommended metadata (scanner) APIs. It doesn't modify any content or settings in your Power BI environment.

This guide outlines the steps required to enable metadata extraction using a service principal.

Prerequisites

Before you begin, ensure you have access to the required roles.

Who can do this?

Depending on your organization’s setup, you may need a combination of admin roles to complete these steps. You may not have access yourself.

  • Cloud Application Administrator or Application Administrator (Microsoft Entra ID)
  • Microsoft 365 administrator (Microsoft 365)
  • Fabric Administrator (Power BI tenant settings)
  • Workspace Admin or Member (workspace access, if needed)

Step 1: Register a service principal in Azure

Atlan connects using a service principal. This enables secure, automated access to metadata.

  1. Go to the Azure portal and navigate to Microsoft Entra ID.
  2. Select App registrations and then select New registration.
  3. Name the application (for example, Atlan-PowerBI-Connector) and complete the registration.
  4. Copy and securely store:
    • Application (client) ID
    • Directory (tenant) ID
  5. Go to Certificates & secrets and create a New client secret.
  6. Save the client secret Value securely.
  7. For simpler permission management, create a security group in Entra ID and add the service principal to it.

Step 2: Enable metadata access in Power BI (scanner APIs)

A Power BI tenant admin must enable metadata access.

  1. Open the Power BI admin portal and select Tenant settings.
  2. Under Admin API settings, enable Service principals can use read-only Power BI admin APIs.
  3. Under Enhanced metadata, enable:
    • Detailed metadata responses
    • DAX and mashup expression metadata
  4. Add the security group containing your service principal to each setting you enabled.

These settings allow Atlan to read metadata from Power BI workspaces, datasets, dashboards, and reports.

Step 3: Grant workspace access (Optional)

To limit scanning to specific workspaces, grant workspace-level access.

  1. In Power BI, go to Workspaces, select a workspace, and then select Access.
  2. Add the security group containing your service principal.
  3. Assign the role based on your metadata requirements:
    • Viewer: Dashboards and reports
    • Contributor: Datasets with parameters
    • Member: Dataflows and full lineage

Grant access only to workspaces you want Atlan to scan.

Verify setup

Before you configure the connection in Atlan, confirm you have:

  • Client ID
  • Tenant ID
  • Client secret value (stored securely)
  • Power BI tenant settings updated to include your security group for the scanner API settings
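The checklist above can also be tested end to end. The following Python is an added example, not Atlan's or Microsoft's code: it requests a token with the client-credentials flow, inspects the claims, and calls one read-only admin API (`admin/workspaces/modified`). The function names are hypothetical, the `roles` check assumes you granted no API permissions in Entra ID (none of the steps on this page do), and `sample_token` builds a constructed, unsigned token for offline use.

```python
import base64, json, time, urllib.parse, urllib.request

POWERBI_AUD = "https://analysis.windows.net/powerbi/api"
SCAN_API = "https://api.powerbi.com/v1.0/myorg/admin/workspaces/modified"

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials request for the service principal from Step 1."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": POWERBI_AUD + "/.default"}
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())

def jwt_claims(token):
    """Decode the JWT payload for inspection only (signature is not verified)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_claims(claims, tenant_id, client_id, now=None):
    """Return a list of problems; an empty list means the token looks as expected."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != POWERBI_AUD:
        problems.append("aud is not the Power BI API")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Directory (tenant) ID")
    if client_id not in (claims.get("appid"), claims.get("azp")):
        problems.append("token was not issued to the Application (client) ID")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if claims.get("roles"):  # the steps on this page grant no API permissions
        problems.append("unexpected app roles: " + ", ".join(claims["roles"]))
    return problems

def live_check(tenant_id, client_id, client_secret):
    """Needs network: get a token, check it, call a read-only admin API."""
    with urllib.request.urlopen(token_request(tenant_id, client_id, client_secret)) as r:
        token = json.load(r)["access_token"]
    problems = check_claims(jwt_claims(token), tenant_id, client_id)
    api = urllib.request.Request(SCAN_API, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(api) as r:  # HTTPError 401/403 here: revisit Step 2
        return problems, r.status

def sample_token(claims):
    """Constructed, unsigned JWT-shaped string for offline use (not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])
```

Pass the client secret to `live_check` from a secret store or environment variable rather than hard-coding it, and expect the admin API call to fail for a short time after tenant settings are changed.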

If you run into connectivity issues, see Troubleshooting connectivity.

Next steps