Microsoft Power BI for WordPress
Use this guide, if you want to embed a Microsoft Power BI report, dashboard or tile in a WordPress page or post (also see the following video https://youtu.be/fDyB_Ue72j4).
Before you start
- You must already have configured the single sign-on capability of the WordPress + Office 365 plugin.
- Additionally, you must also already have configured the integration capability of the plugin.
- You are a Global Administrator for your company’s Office 365 tenant / Azure AD directory (or have at least the ability to edit the Azure Active Directory App registration that was created previously when the single sign-on capability was configured).
- You are an Administrator for your WordPress website.
Choosing a scenario
Embedding Power BI content into a WordPress page or post with the help of the WPO365 plugin (and extensions) can be done in one of two ways.
User owns data In this case the user has been given access to the Power BI workspace in question. Therefore the user must sign in with Microsoft (with the help of the WPO365 plugin) to your WordPress website. This is necessary so the plugin can obtain an access token for Microsoft Graph to access the Power BI REST APIs. This also implies that you must configure the appropriate delegated permissions (see API Permissions below).
Application owns data In this case the user has not been given access to the Power BI workspace in question. Instead the Service Principal (= App registration) that you created when you configured the single sign-on capability of the WPO365 | LOGIN plugin must be given administrative access to the Power BI workspace in question (see Prepare your Power BI environment below).
Considerations and Limitations
- Ensure that you have selected the Beta version for the Microsoft Graph on the plugin's Integration page.
- SAML 2.0 is not supported in combination with the User owns data scenario.
- The Application owns data is not available for the basic version of the Power BI Embed app but instead requires the WPO365 | M365 APPS or the WPO365 | INTRANET bundle to be installed and activated.
- The Application owns data scenario does not require the user to have access to the Power BI workspace in question. However, due to a limitation of the WPO365 | LOGIN plugin must the user have logged into your website (but signing in with Microsoft is not a requirement).
- Please make sure that you have read the considerations and limitations section on the Microsoft website.
- Disclaimer According to Microsoft - in case of the Application owns data scenario - a capacity is required when moving to production
- In Azure Portal click the 'hamburger' (icon with three horizontal lines in the upper corner) to open the menu.
- Navigate to Azure Active Directory > App registrations.
- Select the App registration that you created when you configured the single sign-on capability of the plugin.
Please note If you intend to implement the Application owns data scenario there is not need to assign delegated permissions and you can skip this step.
- Click API permissions from the 'App registration' menu on the left
- Click + Add permission.
- Select Power BI Service > Delegated permissions.
- Scroll down to Dataset and check
- Scroll down to Report and check
- Click Add permissions.
- Click Grant admin consent for … to grant consent for all users in your tenant to use this ‘App registration’.
Depending on your requirements you can of course add more permissions e.g. Workspace.Read.All, Dashboard.Read.All.
- Navigate to WP Admin > WPO365 > Integration.
- Click Delete tokens.
- Click Save configuration.
- Sign out of your WordPress website.
- Sign in with Microsoft to your WordPress website.
Prepare your Power BI environment
- The WPO365 plugin only supports the embedding of Power BI content using a Service principal. Authentication using a master account is not supported. This also means that content must reside in new workspaces (and that traditional workspaces are not supported).
- You should not register a new App in Azure AD. Instead you can use the existing App registration (= Service Principal) that you registered initially when you configured the single sign-on feature and possible other integrations e.g. with SharePoint Online, Yammer etc.
- You must, however, configure your Power BI environment to support Service principal authentication. Using this method that can be used to let an Azure AD application access Power BI service content and APIs. To do so, please carefully execute the following steps documented by Microsoft (see https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal):
- Create an Azure AD security group
- Once you created the Azure AD security group, copy the Application (client) ID (from the plugin's Single Sign-On page) and add this user to the new Azure AD security group.
- Navigate to the Azure AD security group in your Azure Portal.
- Click Members.
- Click + Add members.
- Paste the Application (client) ID and click the Service Principal from the results to select it.
- Click Select to add the Service Principal to the group.
- Enable the Power BI service admin settings
- Add the service principal as an admin to your workspace
- Embed your content
When you see an error that states "... No authorization code and refresh token found when trying to get an access token for https://graph.microsoft.com/User.Read. The current user must sign out of the WordPress website and log back in again to retrieve a fresh authorization code that can be used in exchange for access tokens ..." Then please sign out of your WordPress website and immediately sign back in (with Microsoft) into your site. This will ensure that the plugin retrieved a fresh set of access tokens on your behalf.
Generate a Microsoft Power BI shortcode
The table below provides a simple overview of the available features per plugin edition.
|Feature||WPO365 | LOGIN|| WPO365 | M365 APPS
WPO365 | INTRANET
|User owns data scenario (AAD token)||Yes||Yes|
|Application owns data scenario (Embed token)||No||Yes|
|Request permission for multiple items||No||Yes|
|Customize embed token request endpoint||No||Yes|
|Customize embed token request JSON body||No||Yes|
|Customize embed configuration JSON||No||Yes|
To generate a shortcode to embed a Microsoft Power BI artifact into any WordPress page or post, perform the following steps.
- Navigate to WP Admin > WPO365 > ... > Power BI.
- Select the Microsoft Power BI artifact to embed i.e. report, dashboard or tile.
- Select the desired token type:
- For the User owns data scenario select the AAD Token.
- For the Application owns data scenario select the corresponding (type of) Embed Token (the shortcode generator will only enable those options that match with the Microsoft Power BI artifact that you want to embed e.g. Report in Workspace and Multiple Items when you want to embed a Report.
- Enter the Workspace ID of the Microsoft Power BI Workspace where the artifact that you are embedding resides in.
- Enter the Report ID of the Microsoft Power BI report if you are embedding a report.
- Enter the Dashboard ID of the Microsoft Power BI dashboard if you are embedding a dashboard.
- Enter the Dashboard ID and the Tile ID of the Microsoft Power BI tile and its containing dashboard if you are embedding a tile.
Please note that you can find all these IDs when you navigate to https://app.powerbi.com/ and then load the workspace of your choice. In your workspace open the artifact that you want to embed. Once open, the web address should contain all necessary IDs. The following URL is an example for a report with ID 206e6e12-b5f6-4542-a22e-2c17de272a4f in a workspace with ID f6fddbde-2415-435a-9c51-e8d6a2b6274b e.g. https://app.powerbi.com/groups/f6fddbde-2415-435b-9c51-e8d6a2b6274b/reports/206f6e12-b5f6-4542-a22e-2c17de272a4f/ReportSectionb4bd8f0e6c0029bcea0b.
- Finally you can enter the height and width of the embedded artifact on your WordPress page.
- Click Copy shortcode to clipboard.
Embed a Microsoft Power BI artifact in a WordPress page or post
- From the WordPress Admin Bar, click + New to add a new WordPress page or post.
- On the page or post, type shortcode in the block navigator and click the shortcode shortcut to add a new shortcode block to the page or post.
- In the shortcode editor, click Ctrl+V (or right mouse click and click Paste) to paste the shortcode.
- Publish the page and then click View post to check the result.