The VuePilot Microsoft Power BI app is built on the standard Power BI embedding functionality that Microsoft provides. VuePilot does not require you to store credentials or private company details in our database; instead it embeds your report or dashboard in a portable app which can then be distributed and displayed around your business by assigning the app to rotations and screens from the VuePilot dashboard.
Users will see a login screen when they first display the app on any machine, where they log in with their own credentials or those of a dedicated read-only service account, just as they would from their own desktop.
The user's session persists just like any normal browser session would while the VuePilot software rotates through other pages.
Security
The Power BI dashboard or report is embedded directly into the VuePilot app, which means the user's credentials are sent straight to the Microsoft servers and never to us.
VuePilot has no control over, or access to, your Microsoft authentication session tokens or the length of time until your Power BI session expires.
From a security perspective this is ideal: you never need to send VuePilot your company's credentials or trust us with them, and all authentication credentials and tokens pass only between Microsoft and your company.
We have no control over or access to your access tokens, nor can we change settings such as access token expiry or refresh token expiry times. That is managed entirely by your IT department through the standard Active Directory / Azure and Microsoft identity platform controls within your organization.
Session Expiry
Microsoft Power BI uses an "access token" / "refresh token" system, a pattern common across the internet. On login you are granted two tokens: an access token with a short expiry (a few hours) and a refresh token with a longer expiry (a few months).
During normal use the access token is sent with each request to authenticate you. After a short period this token expires and the server returns an error; the client web application responds by using the refresh token to obtain a new access token and continue the session.
This limits the damage from a stolen access token: an attacker who hijacks it has access only until it expires, which is a brief window.
Once the refresh token expires, the user must perform a full login again to obtain a new one, and the cycle repeats.
The expiry thresholds for both tokens are controlled by the Active Directory / Azure and Microsoft identity platform settings within your organization.
Generally speaking, if you find you need to log in to your Power BI dashboards or reports frequently, extend the expiry of the refresh token, not the access token.
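The following is an added example, not code from VuePilot or Microsoft: a small constructed model of the access/refresh token cycle described above. It shows the two points the text makes, that a captured access token stops working at its expiry, and that the number of full logins a screen has to perform depends on the refresh token lifetime, not the access token lifetime. Token lifetimes, the poll interval and the user name are made-up values; the model uses an absolute refresh token expiry and does not rotate refresh tokens, which is a simplification of what a real identity provider does.

```python
import secrets
from dataclasses import dataclass, field

HOUR = 3600
DAY = 24 * HOUR


@dataclass
class IdentityProvider:
    """Constructed stand-in for the token-issuing side (not Microsoft's implementation)."""
    access_ttl: int   # seconds an access token stays valid
    refresh_ttl: int  # seconds a refresh token stays valid (absolute expiry, no sliding window)
    _access: dict = field(default_factory=dict)   # access token -> (user, expires_at)
    _refresh: dict = field(default_factory=dict)  # refresh token -> (user, expires_at)

    def _mint_access(self, user, now):
        token = secrets.token_urlsafe(16)
        self._access[token] = (user, now + self.access_ttl)
        return token

    def login(self, user, now):
        """Full interactive login: issues a fresh access/refresh token pair."""
        refresh = secrets.token_urlsafe(16)
        self._refresh[refresh] = (user, now + self.refresh_ttl)
        return self._mint_access(user, now), refresh

    def validate(self, access, now):
        """Return the user behind an access token, or None once it has expired or was never issued."""
        entry = self._access.get(access)
        if entry is None or now >= entry[1]:
            return None
        return entry[0]

    def refresh(self, refresh, now):
        """Exchange a still-valid refresh token for a new access token; None forces a full login."""
        entry = self._refresh.get(refresh)
        if entry is None or now >= entry[1]:
            return None
        return self._mint_access(entry[0], now)


class ReportClient:
    """The embedded client: refreshes silently and only re-prompts when the refresh token is dead."""

    def __init__(self, idp, user):
        self.idp, self.user = idp, user
        self.access = self.refresh_token = None
        self.full_logins = self.refreshes = 0

    def fetch_report(self, now):
        if self.idp.validate(self.access, now):
            return "ok"
        new_access = self.idp.refresh(self.refresh_token, now) if self.refresh_token else None
        if new_access:
            self.access = new_access
            self.refreshes += 1
            return "ok (refreshed)"
        # Refresh token missing or expired: the user sees the login screen again.
        self.access, self.refresh_token = self.idp.login(self.user, now)
        self.full_logins += 1
        return "ok (full login)"


def simulate(access_ttl, refresh_ttl, days, poll_every=HOUR):
    """Drive a client that reloads the report every `poll_every` seconds for `days` days."""
    client = ReportClient(IdentityProvider(access_ttl, refresh_ttl), "screen-user@example.test")
    for t in range(0, days * DAY, poll_every):
        client.fetch_report(t)
    return {"full_logins": client.full_logins, "refreshes": client.refreshes}


if __name__ == "__main__":
    # Extending the access token does not reduce login prompts; extending the refresh token does.
    print("1h access / 90d refresh :", simulate(HOUR, 90 * DAY, days=180))
    print("8h access / 90d refresh :", simulate(8 * HOUR, 90 * DAY, days=180))
    print("1h access / 180d refresh:", simulate(HOUR, 180 * DAY, days=180))
```

Running the script shows the same number of full logins for the 1-hour and 8-hour access token runs, while lengthening the refresh token halves them; the longer access token only reduces how often the client silently refreshes, which is exactly the exposure window an attacker with a stolen access token would get.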
More Reading
Information regarding the configuration and management of session token expiration:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
More information regarding access and refresh tokens can be found here:
https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/