Integrating Microsoft Power BI with Frontegg allows your application to read and manage datasets, reports, dashboards, workspaces, dataflows, and apps in a Power BI tenant through the Power BI REST API — all via Frontegg's integration layer using Microsoft Entra ID OAuth 2.0.
Prerequisites
Prerequisites
- A Microsoft account with access to the Azure portal
- A Microsoft Entra ID (Azure AD) tenant where you can register applications
- A Power BI account (Power BI Pro, Premium Per User, or Power BI Premium capacity is required for some endpoints such as dataflows and report export)
Sign in to the Azure portal and open App registrations (you can search for it in the top search bar or open it directly from Microsoft Entra ID → App registrations). Click New registration at the top of the page.
Fill in the registration form:
- Enter a name for your application (for example,
Frontegg Power BI Integration). - Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant — Multitenant) for multi-tenant apps, or Accounts in this organizational directory only for a single-tenant app.
- Under Redirect URI, choose Web as the platform and enter:
https://YOUR_MCP_GATEWAY_URL/integration-callback - Click Register.
After registration, you are taken to the application Overview page. Copy both the Application (client) ID and the Directory (tenant) ID — you will need them when configuring the Frontegg portal.
In the left sidebar, under Manage, click Certificates & secrets. On the Client secrets tab, click New client secret.
In the Add a client secret panel, enter a description (for example, Frontegg Integration) and choose an expiry period. Click Add.
The new secret appears in the list. Copy the Value immediately — it is only shown once. After you navigate away, you cannot retrieve it again.
Save your Client Secret now
Save your Client Secret now
The Client Secret value is only displayed once. After you leave this page, you can only see the secret ID — not the value. Store the value securely before continuing.
In the left sidebar, click API permissions, then click Add a permission.
In the Request API permissions panel, scroll to Commonly used Microsoft APIs and click Power BI Service.
Click Delegated permissions. Expand each permission group and select the scopes your application requires. Select the following scopes:
| Scope | Description |
|---|---|
App.Read.All | View all Power BI apps the user has access to |
Dashboard.Read.All | Read dashboards |
Dashboard.ReadWrite.All | Read and write dashboards |
Dataflow.ReadWrite.All | Read and write dataflows (Premium or Premium Per User required) |
Dataset.Read.All | View all datasets |
Dataset.ReadWrite.All | Read and write all datasets (create, refresh, delete) |
Report.Read.All | Read reports |
Report.ReadWrite.All | Read and write reports (clone, delete, export) |
Workspace.Read.All | View all workspaces |
Workspace.ReadWrite.All | Read and write all workspaces and their members |
Click Add permissions.
How Power BI scopes are issued
How Power BI scopes are issued
Frontegg requests Power BI access using the resource-scoped https://analysis.windows.net/powerbi/api/.default scope. Microsoft Entra ID returns the union of all delegated Power BI permissions you have pre-authorized on this app — only the scopes you select here will be included in the issued token.
After adding permissions, the API permissions page lists all configured permissions under Power BI Service.
Once you have your Client ID, Client Secret, and Directory (tenant) ID, enter them in the Frontegg portal:
- Open the Frontegg portal and navigate to [ENVIRONMENT] → Integrations → Power BI.
- Enter the Client ID and Client Secret in the corresponding fields.
- Optionally, enter the Directory (tenant) ID. Leave blank or set to
commonfor multi-tenant applications; use a tenant GUID or domain for single-tenant applications. - Click Save.
Keep your credentials secure
Keep your credentials secure
Never share or commit your Client Secret to version control.