FHIR connector authentication
This article explains authenticated access to FHIR servers using the Power Query connector for FHIR. The connector supports anonymous access to publicly accessible FHIR servers and authenticated access to FHIR servers using Microsoft Entra ID (organizational) authentication. The Azure API for FHIR is secured with Microsoft Entra ID.
Note
If you are connecting to a FHIR server from an online service, such as Power BI service, you can only use an organizational account.
Anonymous access
There are many publicly accessible FHIR servers. To enable testing with these public servers, the Power Query connector for FHIR supports the "Anonymous" authentication scheme. For example to access the public https://server.fire.ly
server:
Enter the URL of the public Firely server.
Select Anonymous authentication scheme.
After that, follow the steps to query and shape your data.
Microsoft Entra ID (organizational) authentication
The Power Query connector for FHIR supports OAuth authentication for FHIR servers that are secured with Microsoft Entra ID.
To use Microsoft Entra ID authentication, select Organizational account when connecting.
There are some restrictions to be aware of:
The expected Audience for the FHIR server must be equal to the base URL of the FHIR server. For the Azure API for FHIR, you can set this when you provision the FHIR service or later in the portal.
If your FHIR server doesn't return a
WWW-Authenticate
challenge header with anauthorization_uri
field on failed authorization, you must use an organizational account to sign in. You can't use a guest account in your active directory tenant. For the Azure API for FHIR, you must use an Microsoft Entra ID organizational account.If your FHIR service isn't the Azure API for FHIR (for example, if you're running the open source Microsoft FHIR server for Azure), you'll have registered an Microsoft Entra ID resource application for the FHIR server. You must pre-authorize the Power BI client application to be able to access this resource application.
The client ID for the Power BI client is
a672d62c-fc7b-4e81-a576-e60dc46e951d
.The Power Query (for example, Power BI) client will only request a single scope:
user_impersonation
. This scope must be available and the FHIR server can't rely on other scopes.
Next steps
In this article, you've learned how to use the Power Query connector for FHIR authentication features. Next, explore query folding.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for