It is necessary to authorise and register SYNCHRO Perform to access the client’s Power BI workspace. This typically requires IT approval and access but is a once-off configuration.

Full setup and configuration details are included in Microsoft documentation (refer *(i), (ii), (iii)). Admin settings can be configured by the client IT team for specific security groups (refer *(iv)). Basic steps are shown here to obtain:

• Primary domain / Tenant domain
• Application (client) ID
• Client secret

1. Go to https://portal.azure.com/
   1. Click New registration
   2. Navigate to the Overview
   3. Copy the following value from Basic information: Primary domain
   4. Navigate to Azure Active Directory > App registrations
   5. Click New Registration
      • Enter a suitable name (e.g., `SYNCHRO Perform Power BI (e7-<instance>)`)
      • Ensure the Supported account type setting is “single tenant”
      • Click Register
      • Copy the following value: Application (client) ID
      • 
   6. On the app page, navigate to Manage > Certificates & secrets
      • Generate a New client secret, and select ‘Never’ for the secret expiration (recommended)
      • Copy the following value Client secret value and save for use in configuration
      • Note: After you leave this window, the client secret value will be hidden, and you'll not be able to view or copy it again. When pasting the client secret in SYNCHRO Perform, use the secret value not the secret ID
        • 

2. The application (Service Principal user) then needs to be granted access to the Power BI APIs – refer *(iv)

   1. Within Azure, create a Group Click New Group - refer *(v)
      • Group type: Security
      • Group name: SYNCHRO Perform Power BI Embedding
   2. Click Create
   3. Navigate to the newly created Group (you may have to wait a minute and
      refresh the page for the group to appear)
   4. Navigate to Members
   5. Click Add Members
   6. Find the app (Service Principal) created earlier and add it to the Group
   7. Within Power BI, go to Power BI Tenant Settings - refer *(vi)
      • https://app.powerbi.com/admin-portal/
      • Note: if you cannot access Admin portal see the next page
   8. Enable the setting Allow service principals to use Power BI APIs and add the Group created to the Group List
      • 
   9. If you are unable to access the Tenant Settings, confirm the following settings:
   10. The service account user will need to ensure they have Power BI admin settings
   11. Within Admin Center go to Active Users, and add the following two roles ‘Power BI admin’ and ‘Power Platform admin’ (refer vii)
   12. This will enable access to configure the steps on the following page
       • 

3. 3.The application (Service Principal user) must then be added to any Workspace you want to Embed Reports at least at a ‘Member’ level – refer *(iii)

   • Note: Subject to data volumes for the project, you may need to update PowerBI to Premium capacity, although the integration will work with ‘Pro’ license mode for smaller datasets
   • 

Note: Refer to the Microsoft documentation for full details

i.https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-sample-for-customers

ii.https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal

iii.https://docs.microsoft.com/en-us/power-bi/collaborate-share/service-give-access-new-workspaces

iv.https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal#step-3---enable-the-power-bi-service-admin-settings

v.https://portal.azure.com/#blade/Microsoft_AAD_IAM/GroupsManagementMenuBlade/AllGroups

vi.https://app.powerbi.com/admin-portal/tenantSettings

vii. https://docs.microsoft.com/en-us/power-bi/admin/service-admin-role