I followed the article listed here https://learn.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal
I then wrote a C# console application that first generates an access token and then generates an embed token using the Power BI Nuget library method GetReportInGroupAsync
However, this method throws an Unauthorized error. I printed the response data and saw the following header;
X-PowerBI-Error-Info: ServicePrincipalIsNotAllowedByTenantAdminSwitch
My Power BI admin has already enabled this setting in the Power BI Admin Portal and the security group that contains my service principal is added to the list of groups for which access is allowed.
What am I missing?
I resolved this by removing the Azure AD group from Power BI and then adding it again. I raised a ticket with Microsoft and this is how we solved it