Have you been wondering how to Share power BI report with external user without license?

Power BI is a great tool for sharing reports among your colleagues inside of the same organization. However, what if you need to share reports securely with users outside of your organization like your customers? This gets a little bit more technical but it is feasible!

In this article we will cover a case study of how Vidi Corp set up a secure system to share Power BI reports with external users for several clients in the past. The system is relying on Microsoft Azure functions and Power Pages.

What is Power Pages

Power Pages is a new addition to the Microsoft Power Platform, which enhances its capabilities significantly. It can be thought of as an extension of Power Apps, but with a distinct advantage: it allows apps to be shared externally, beyond just internal users. This means that Power Pages can be accessed by anyone through their web browser, and to these external users, Power Pages appear just like a regular website. Importantly, users do not need a license to access websites built with Power Pages, making it highly accessible and cost-effective.

Leveraging Power Pages, we can create a user-friendly interface where individuals can register and sign in on the  website. This feature is particularly useful for managing user access and personalizing user experiences. Once users are logged in, we can tailor the data displayed to each individual based on their login credentials by applying row level security policies. This ensures that users see only the information relevant to them, enhancing both security and user experience. Power Pages thus offers a powerful tool for creating dynamic, user-specific web applications that are easy to access and manage.

What is Microsoft Azure

Azure is Microsoft's cloud platform offering various services, including Azure SQL Server databases for data storage and Azure Active Directory for user management and various other Azure functions. Utilizing Power BI Embedded function, it allows system to extend its reporting capabilities. Azure SQL Server provides a robust backend for storing and querying data, while Azure Active Directory manages user access and security. By integrating these with Power BI Embedded, we can create powerful, interactive reports that are securely accessed and tailored to individual external users, enhancing the overall functionality and user experience of the power Bi reports.

Pre-set up work for sharing Power BI reports externally

Pre-requisites:

1. Office Account Access: Ensure you have access to an Office account with a Power Pages license.
2. Power BI License: Obtain a Power BI license for the developer account, only if row-level security policies are required.
3. Azure Portal Access: Have access to the Azure portal to manage and configure necessary cloud services such as PowerbiEmbedded service, resource groups

Setting up the system for external sharing of Power BI reports

1. Sign in to Office Portal: Begin by signing in to the Office portal using your credentials. Once logged in, navigate to the Power Pages portal to start your project.
2. Create New Site: Click on the "New Site" button to initiate the creation of your Power Pages site. You can create the necessary pages using out-of-the-box web parts for a quick setup or opt for custom development using Visual Studio for more tailored solutions. Below is a demonstration of what Power Pages sites can look like, showcasing their versatility and customization options.

3. Setup Power BI Web Part: Once you have designed the necessary pages in Power Pages, the next step is to set up the Power BI web part on the pages you want to display reports. If the reports will be publicly accessible, there’s no need to configure row-level security. In this case, simply create a public embedded link and embed it within the Power BI web part as an iframe. This allows anyone to view the reports without restrictions. However, if the reports are meant to be accessible only to specific users, ensuring that each user sees only their own data is crucial. In such cases, you must set up row-level security policies to filter the data dynamically based on user identity.

4. Setup Row-Level Policies: To establish row-level security, start by opening the Power BI report in Power BI Desktop. Authenticate and load the contacts table from Dataverse, which contains all the user contacts created for access to this portal. Once the contacts table is loaded into the data model, you will need to create a security role that filters the data based on the signed-in user. For example, you can create a rule that states whenever a user is signed in, the report should display only their relevant data. Also go to the Azure portal and set up the below steps to authenticate the Power Bi report with the portal. This setup ensures that users will only see the information they are authorized to access, enhancing data security and privacy. After configuring the role and ensuring that the filtering works as intended, publish the report to the Power BI service. This completes the setup, allowing users to interact with their personalized reports seamlessly while maintaining the necessary security measures.

Step 1: Azure Portal Access

Ensure you have access to the Azure portal with an active subscription. This access is essential for setting up the resources required to embed Power BI reports that will be shared with external users who do not have a Power BI license. The Azure portal provides the necessary infrastructure and tools to configure and manage these resources effectively.

Step 2: Setup Power BI Embedded Capacity

Within the Azure portal, set up a Power BI Embedded capacity resource. This resource is crucial as it will be used to make the Power BI workspace premium. A premium workspace is necessary to enable sharing reports with users who do not have Power BI licenses.

Step 3: Assign Embedded Capacity to Workspace

Assign the Power BI Embedded capacity to the workspace that will host the report to be embedded in the portal. Once the assignment is complete, the workspace will display a diamond icon, indicating it has premium capabilities. This step ensures that the workspace can handle the demands of embedding reports and sharing them with external users efficiently.

Step 4: Create Resource Group and Configure Authentication

Create a resource group in the Azure portal and add the Portal ID to this group. This grouping helps in managing and organizing related resources efficiently. Next, set up authentication by allowing this resource group to use Power BI APIs in the Power BI admin portal. This configuration is crucial for enabling automated processes and integrations, ensuring that the embedded reports function seamlessly and securely.

External User registration for sharing of Power BI reports

1. User Registration: When an external user visits the portal, they will be greeted with a registration screen designed to capture their details. This screen serves as the initial point of interaction, ensuring that only authenticated users can proceed further.

• Admin Setup: As an administrator, you will need to access the Portal Management app. Here, you will create a new contact entry for the customer. After setting up the contact, generate a registration key for your portal and send it to the customer. This key is essential for the next steps, as it allows the user to authenticate their access.

• Redeem Invitation: The user will click on the "Redeem Invitation" button on the portal’s registration screen. They will enter the registration key provided to them, which will enable them to create and set up their user account within your portal. This process involves the user entering their details and creating login credentials, establishing a secure and personalized user account.

• Access Reports: Once the user has successfully signed in, they will be redirected to the report page. Here, they can access and view reports. If the reports are not intended for public viewing, users will see data specific to their login credentials. This ensures personalized access, where each user views only the data relevant to them. Due to data sensitivity, it’s crucial to note that the dashboard does not display any data publicly. This precaution safeguards sensitive information and ensures a secure user experience.

NOTE: We are not showing any data in the dashboard due to data sensitivity