The VuePilot Microsoft Power BI app is based around the standard Power BI embedding functionality that Microsoft provides. VuePilot does not require you to store credentials or private company details within our database, instead it will simply embed your report or dashboard into a portable app which can then be distributed and displayed around your business by simply assigning the app to roations and screens from the VuePilot dashboard.
Users will see a login screen when they first display the app on any machine, to which they can simply login with their own or a specific read-only service accounts credentials, just like they would from their own desktop.
The users session will persist just like any normal browser session would whilst the VuePilot software rotates through other pages.
The Power BI dashboard or report is embedded into the VuePilot app which means the users credentials are sent directly to the Microsoft servers and never to us.
From a security perspective this is ideal as you never need to send or trust VuePilot with your companies credentials and all authentication credentials and tokens are between Microsoft and your company.
We do not have any control or access to your access tokens, nor can we change things such as token expiry or refresh token expiry times. That is entirely managed by your IT Department through standard Active Directory / Azure and Microsoft identity platform controls within your organization.
Microsoft Power BI works on an “access token” / “refresh token” system which is common across the internet. This is essentially a system that upon login will grant you two tokens, an access token with a short expiry (a few hours maybe) and a refresh token with a longer expiry (a few months).
During normal communication your access token will be sent to the authentication servers to authenticate you. After a short period of time this token will expire and an error response will be sent back to which the client web application will respond by using the refresh token to generate a new access token and refresh the session.
This ensures that any attacker who is able to hijack the access token has only limited access for a brief period of time.
Once the refresh token expires then the user must perform a full login once again to renew it and the cycle repeats.
The thresholds for both these tokens expiry are controlled within Active Directory / Azure and Microsoft identity platform controls within your organization
Generally speaking, if you are needing to frequently login to your Power BI dashboards or reports, you will want to extend the expiry of your refresh tokens not the access token.
Information regarding the conguration and management of session token expiration
More information regarding access and refresh tokens can be found here: