PBI Embedded Scenario to save Licensing Costs

Creating a Data-Driven Culture with No-Code/Low-Code

In today’s world, data is the key to unlock limitless opportunities for organizations. For small and medium-sized organizations, analyzing data can be laborious, time-consuming, and expensive. Luckily, data analysis has been simplified with the advent of no-code and low-code data analysis tools which has given everyone, regardless of experience, the ability to peer into data and discover the power that insight can provide to the decision-making process. The democratization of data allows organizations to build a culture of data-driven decision-making which can help propel them to meet and surpass their goals.

Understanding No-Code or Low-Code Data Analysis

Prior to the advent of no-code and low-code applications, data analysis was handled by analysts with a specialized skillset that included the ability to code. With the rising importance of and reliance on data, it became apparent that the ability to analyze it should be shared more broadly than just the specialized few. This eventually led to the creation of no-code and low-code applications that allowed users of all experience levels to analyze data without the need for coding skills.

No-code applications enable users to build data analysis workflows through user-friendly graphical user interfaces (GUIs), whereas low-code data analysis applications require some coding knowledge, to allow users to perform advanced analysis tasks. Regardless of needing the ability to code or not, both no-code and low-code data analysis applications have lower learning curves, making them accessible to everyone. The advantages of adopting these tools include cost effectiveness, a simplified application to access and analyze data, an intuitive user interface, little to no coding skills required, automated alerts and notifications, and data access security. Low-code development also leads to cost reduction because apps can be built quickly in-house.

Microsoft Power BI in the Embedded Scenario

The most popular no-code data analysis application is Microsoft Power BI. Power BI has a robust set of features that make it a powerful, yet easy to use application. Features include automatically generated reports using a drag-and-drop dashboard builder, real time data modeling and analysis, customizable visualizations, and a self-serve analytics feature with cognitive insights. Additionally, Power BI integrates with Office 365, offers cloud storage and mobile app support for both iOS and Android devices. To ensure secure data accessibility, Microsoft Power BI offers advanced security features such as encryption of all stored data in Azure. These platforms offer powerful no-code solutions that allow businesses to access valuable insights quickly and easily while maintaining security standards throughout the process.

Project Overview: Embedding Reports for External Customers

This project aims to deliver a comprehensive Business Intelligence (BI) solution for a customer outside the organization. The primary challenge is to create reports and dashboards while ensuring data security through Row-Level Security (RLS), all without requiring the customer to have Power BI Pro licenses. The customer will sign in using the organization’s platform credentials, which will then be used for RLS and viewing the content.

Project Objectives included:

• Dashboard and Report Development: Creation of interactive, visually compelling Power BI reports and dashboards, tailored to the customer’s data needs.
• Row-Level Security (RLS): Implementing robust RLS mechanisms to ensure that users only access data pertinent to their role or responsibilities.
• Single Sign-On (SSO): Enable SSO for the customer, allowing them to use their organization platform credentials to access reports and dashboards seamlessly.
• Licensing Optimization: Minimize the requirement for Power BI Pro licenses for the customer, allowing cost-effective access.

The key design decision for authentication was using the Service Principal Authentication method, which is the recommended method for the “Embed for your customer scenario,” as outside customers end users will not sign in to Power BI or hold a Power BI licence. Power BI reports are embedded into organization applications using Azure AD Service Principals, which are granted Admin access to specific workspaces.

Implementation Steps for Power BI Embedded with RLS

Step 1: Register Azure AD App

Register a new Application in Azure AD which will act as an Identity for the Organization Application. A Client Secret must be generated, and since its value can only be seen once, it should be stored securely using the existing Organization Secret Management Process. Because the Client Secret can be set up to expire periodically, annual maintenance should be set up to avoid service failures. Essential identifications used for authenticating the Application to Azure AD include the Application (client) ID, Directory (tenant) ID, and Client Secret.

Step 2: Power BI Service Configuration

Reports are published to a specific Workspace in Power BI Service. A Workspace is a container where team members can create reports, dashboards, and collaborate. “Production” is typically a premium capacity Workspace where all the Real-Time Organization reports are published. For embedding a report, the Power BI Workspace should grant Admin access to the Security Group or Service Principal; without this access, the application is not authorized to access the reports in that workspace. For this project, a Security Group containing the Service Principal was created and granted access to Individual Workspaces.

Step 3: Request for Access Token Service

A Request for Token Service can be implemented as an internal API that provides the Application with an Access Token. The function that provides the Access Token requires successful authentication with the Service Principle and Client Secret.

Step 4: Report & Data Set GUID’s

The Power BI API endpoint, “https://api.powerbi.com/v1.0/myorg/groups/${workspaceId}/reports”, can be used along with the Access Token (sent in the header) to retrieve all the Reports and Dashboards available in the Workspace. The input required is the Workspace ID (a unique GUID) and the Access Token. The output provides the Report ID (GUID of each report), the Report Name, and the Dataset Id (GUID of the dataset associated with each report). Embedding Power BI reports requires a GUID for the Workspace, Report, and Dataset. Implementation teams must decide whether these GUIDs are saved as static configuration values or dynamically retrieved for each request.

Step 5: Get Embedded Token

The Power BI API endpoint, “https://api.powerbi.com/v1.0/myorg/GenerateToken”, is used along with the Access Token generated in Step 3. Inputs required include the Access Token, Report Id, and Dataset Id. For Role Level Security (RLS), the request must pass the username that the user logged into the Web Application (e.g., [email protected]) and the Power BI RLS Roles (e.g., “RLS”) defined inside the Power BI Service. The output is the Embedded Token, which is used for embedding the exact report from Power BI Service inside the Application.

Conclusion

This project successfully addressed the complex challenge of creating numerous dashboards using a Low Code approach for a customer without Power BI Pro licenses. By successfully delivering this solution, the organization provides the customer with comprehensive data insights while achieving cost savings (no Pro licenses needed), enhancing data security through RLS (ensuring each user only sees relevant information), and improving the user experience through SSO integration.

No-code and low-code data analysis applications lower costs, support collaboration, assist an organization in making informed decisions, democratize the access to data, and drive overall change within an organization.