Question

How do I set up Power BI Embedded with authentication for external users?
I’m building a web application that embeds Power BI reports for external users who are not part of my organization. The solution must include secure authentication and row-level security. What is the best approach to implement Power BI Embedded with Azure AD B2C, service principals, and token generation for user access control?

Answer 1

To set up Power BI Embedded with authentication for external users, the recommended approach is to use App Owns Data architecture combined with Azure AD B2C for external identity management. This allows you to embed Power BI content in your web app without requiring users to have Power BI licenses or be part of your Azure AD tenant.

Start by registering your application in Azure AD and granting it appropriate API permissions. Use a service principal with a Power BI Pro or Premium Per User (PPU) license, and assign it access to your Power BI workspace. For external users, manage their identities via Azure AD B2C, which supports social logins and custom policies. After users authenticate, your backend app can use the service principal to generate an Embed Token via the Power BI REST API, applying Row-Level Security (RLS) roles dynamically based on the user’s identity or attributes.

Ensure your workspace is backed by Power BI Premium (P SKUs or A SKUs) to enable embedding for external users. Use the Power BI JavaScript SDK in the frontend to render reports securely using the token. This setup ensures scalable, secure embedding with custom branding, user-level security, and licensing efficiency tailored to external audiences.