# Pre-requisites for Power BI Registration #### Before registering Power BI in TrustLogix, ensure you have the following: #### **Licensing and Roles for Create Service Account** * Ensure that the Power BI Semantic Models are configured to **Premium Per User, Premium Capacity,** or **Fabric Capacity** (refer to image) * Refer to **this** [**documentation** ](https://learn.microsoft.com/en-us/fabric/enterprise/powerbi/service-premium-connect-tools)for more detailed information * The User creating the service principal in the following steps is assigned to a **Fabric Administrator** role

#### **Power BI Service Settings (Admin Portal)** * The following developer settings need to be enabled for the service principal to call Fabric Public APIs * If you would like only give access for a certain security group, please select the **Specific security groups** option below instead of The entire organization and assign the security group to that

* Also enable the XMLA endpoint option to Read Write under Premium Per User * if using Premium Capacity, enable under that

#### **Azure AD Service Account** * A **dedicated service account** (Azure Application) using Azure Application Registration that TrustLogix will use to connect to Power BI. * Create App In Azure using App registration * Sign in to the Azure portal and browse to **Azure Active Directory** → **App registrations** * Click **New registration** * Create the application * **Name**: e.g. `TrustLogix-PBI` * **Supported account types**: choose **Accounts in this organizational directory only** * **Redirect URI**: leave blank (not needed for client‑credentials flow) * Click **Register** * **Grant the API Permissions** * The application should have the following API Permissions on Power BI Service: * **Admin consent** to access Power BI APIs

* (Optional) If you would like to use TrustLogix for Group-Based policies in Power BI, please add the following permission as well

* #### **Fetch Tenant ID and Client ID** * Obtain your **Tenant ID and Client ID using Application Overview Page** * The **Client ID** is available in **App Registration → Overview → Application (client) ID** * The **Tenant ID** is available in **App Registration → Overview → Directory (tenant) ID** * #### **Fetch Client Secret** * **Generate a Client Secret under Application Overview Page → Manage → Certificates & Secrets** * Please make note of the expiry date of the Secret and update it as TrustLogix will not be able to auto update the Secret #### **Workspace Assignment to the Service Account** * The service account created above needs to be added to all workspaces that you would like TrustLogix to secure * Ensure that the service account is granted **ADMIN** level access to these workspaces * If you have added the service account to a security group, add the security group as an ADMIN instead