Overview
To connect Microsoft Power BI in Nango, you need to provide:- Tenant ID — The unique identifier for your organization that uses Microsoft services.
- Client ID — The unique identifier that Azure assigns to your application when it’s registered.
- Client Secret — A unique string that enables the client application to access the Power BI API.
Prerequisites
- You must have an active Azure account with a Power BI Pro or Premium subscription.
- You must have permission to register applications and grant admin consent in Microsoft Entra ID.
- You must have Power BI tenant admin access, to enable service principal API access.
Instructions
Step 1: Finding your Tenant ID
- Your Tenant ID can be found in the Tenant ID field on the Overview page within your Azure account.

Step 2: Generating your Client ID
- Navigate to the Azure portal home page and sign in using the credentials of an administrator.
- Select App registrations.

- Select New registration.

- In the Register an application section, enter a meaningful application name to display to users (e.g.
Nango Power BI). Under Supported account types, leave it to the default one which is Single tenant Only and click Register. - Once you have registered your application, your Client ID will be displayed in the Application (client) ID field within the Essentials. Your Tenant ID is shown in the Directory (tenant) ID field.
Step 3: Generating your Client Secret
- After registering a new app in the step above, navigate to Certificates & secrets under Manage, and click New client secret.
- A pop-up modal will appear, prompting you to enter your secret’s Description and Expires values. Fill these then click on Add.
- Once completed, copy the Client Secret from the Value field immediately and store it securely; it will not be shown again after you leave this page. Don’t confuse it with the Secret ID column in the same table — that’s just an identifier for the secret entry, not the credential itself.
- Skip API permissions entirely — Power BI Service doesn’t expose any application permission that applies to a service principal.
Tenant.Read.AllandTenant.ReadWrite.All(shown under Power BI Service) are delegated-only scopes meant for a signed-in user context, and Microsoft advises against assigning them to an app-only (client-credentials) registration. Access instead comes from adding the service principal to each workspace as a viewer, contributor, member, or admin, from that workspace’s Access settings, or — for tenant-wide reads without per-workspace membership — from the Fabric admin portal setting covered in the next step.
Step 4: Enabling service principal access in Power BI
A tenant admin must also allow service principals to call the API — the app registration and client secret alone aren’t enough:- Sign in to the Fabric admin portal as a Power BI admin.
- Under Developer settings, enable Allow service principals to use Power BI APIs.
- If the setting is scoped to specific security groups, add your app’s service principal to one of those groups.
- To use the Admin API for tenant-wide reads without per-workspace membership, also enable Service principals can access read-only admin APIs under Admin API settings — a separate tenant-settings section from Developer settings above. No Microsoft Entra API permission is required for this: it’s controlled entirely by this tenant setting (and, if scoped, adding the service principal to the allowed security group).
Without the Developer settings toggle enabled, requests fail with an authorization error even though the app registration and client secret are correct. The Admin API settings toggle is separate and only needed for the tenant-wide Admin API.
Step 5: Enter credentials in the Connect UI
Once you have your credentials:- Open the form where you need to authenticate with Microsoft Power BI.
- Enter the Tenant ID, Client ID, and Client Secret in their designated fields.
- Submit the form, and you should be successfully authenticated.
