Pre-requisites for Power BI Registration

Before registering Power BI in TrustLogix, ensure you have the following:

Licensing and Roles for Creating the Service Account

  • Ensure that the Power BI Semantic Models are configured to Premium Per User, Premium Capacity, or Fabric Capacity (refer to image)

  • The user creating the service principal in the following steps must be assigned the Fabric Administrator role

Power BI Service Settings (Admin Portal)

  • The following developer settings need to be enabled for the service principal to call Fabric Public APIs

    • If you would like to give access only to a certain security group, select the Specific security groups option below instead of The entire organization, and assign the security group to it

  • Also set the XMLA endpoint option to Read Write under Premium Per User

    • If using Premium Capacity, set it under Premium Capacity instead

Azure AD Service Account

  • A dedicated service account (Azure Application) using Azure Application Registration that TrustLogix will use to connect to Power BI.

  • Create App In Azure using App registration

    • Sign in to the Azure portal and browse to Azure Active Directory → App registrations

    • Click New registration

    • Create the application

      • Name: e.g. TrustLogix-PBI

      • Supported account types: choose Accounts in this organizational directory only

      • Redirect URI: leave blank (not needed for client‑credentials flow)

      • Click Register

  • Grant the API Permissions

    • The application should have the following API Permissions on Power BI Service:

      • Admin consent to access Power BI APIs

  • (Optional) If you would like to use TrustLogix for Group-Based policies in Power BI, please add the following permission as well

  • Fetch Tenant ID and Client ID

    • Obtain your Tenant ID and Client ID from the application's Overview page

      • The Client ID is available in App Registration → Overview → Application (client) ID

      • The Tenant ID is available in App Registration → Overview → Directory (tenant) ID

  • Fetch Client Secret

    • Generate a Client Secret under Application Overview Page → Manage → Certificates & Secrets

      • Make a note of the secret's expiry date and update the secret yourself, as TrustLogix cannot update it automatically
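
Because TrustLogix cannot update the secret itself, an expiry check is worth scheduling. The following is an added example, not TrustLogix or Microsoft code: it reads the JSON printed by `az ad app credential list --id <client-id>` and flags secrets that have expired or fall inside a warning window. The sample data, the function names and the 30-day window are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape printed by
#   az ad app credential list --id <client-id>
# (display names, keyId values and dates are made up for this example).
SAMPLE_CREDENTIALS = """
[
  {"displayName": "trustlogix-pbi-2024", "keyId": "00000000-0000-0000-0000-000000000001",
   "startDateTime": "2024-01-10T09:00:00Z", "endDateTime": "2025-01-10T09:00:00Z"},
  {"displayName": "trustlogix-pbi-2025", "keyId": "00000000-0000-0000-0000-000000000002",
   "startDateTime": "2025-01-02T09:00:00.1234567Z", "endDateTime": "2025-07-01T09:00:00.1234567Z"},
  {"displayName": "trustlogix-pbi-long", "keyId": "00000000-0000-0000-0000-000000000003",
   "startDateTime": "2025-01-02T09:00:00Z", "endDateTime": "2027-01-02T09:00:00Z"}
]
"""

def parse_graph_time(value):
    """Parse a UTC timestamp such as 2025-07-01T09:00:00.1234567Z."""
    # Assumes the trailing-Z UTC form; 7-digit fractions are dropped
    # because strptime's %f accepts at most 6 digits.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_status(credentials_json, now, warn_days=30):
    """Return (displayName, keyId, state, days_left) per secret, soonest expiry first."""
    report = []
    for cred in json.loads(credentials_json):
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            state = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            state = "EXPIRING"
        else:
            state = "OK"
        name = cred.get("displayName") or "(unnamed)"
        report.append((name, cred["keyId"], state, (end - now).days))
    return sorted(report, key=lambda row: row[3])

if __name__ == "__main__":
    # Fixed clock so the sample output is reproducible; use
    # datetime.now(timezone.utc) when running against real CLI output.
    fixed_now = datetime(2025, 6, 15, 9, 0, tzinfo=timezone.utc)
    for name, key_id, state, days in secret_status(SAMPLE_CREDENTIALS, fixed_now):
        print(f"{state:9} {days:5}d  {name}  {key_id}")
```

Match the reported keyId against the secret you entered in TrustLogix, since an application can hold several secrets and only that one affects the connection.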

Workspace Assignment to the Service Account

  • The service account created above needs to be added to all workspaces that you would like TrustLogix to secure

    • Ensure that the service account is granted ADMIN level access to these workspaces

    • If you have added the service account to a security group, add the security group as an ADMIN instead
