Configure service principals on Azure Databricks for Power BI

This page describes how to set up a service principal in Azure Databricks if you want to enable machine-to-machine (M2M) OAuth authentication with Power BI.

M2M OAuth provides a more secure authentication method for Power BI connections by using service principals instead of personal access tokens. This approach:

  • Eliminates credential rotation concerns associated with personal access tokens.
  • Provides centralized access management through service principals.
  • Enhances security.

Power BI Desktop 2.143.878.0 (May 2025 release) or above is required for this authentication method.

Important

For Microsoft Entra ID managed service principals, M2M OAuth with Power BI has a 1-hour limit. Any workflow that runs longer than 1 hour fails because the Power BI connector cannot refresh the OAuth access token.

For Azure Databricks managed service principals, the connector refreshes the token automatically and this limit does not apply.

Create a service principal and configure Azure Databricks for M2M OAuth

To set up and configure a service principal for M2M OAuth, do the following:

  1. Create a service principal and assign it to a workspace. See Add service principals to your account.

    • If you choose Microsoft Entra ID managed as your Management option during setup, paste the application or client ID for the service principal.

  2. Set up a client secret in Azure Databricks to generate access tokens. See Step 1: Create an OAuth secret.

    • For service principals synced from Entra, the client secret must be set in Azure Databricks. This secret is not the same secret created in Entra.

  3. Grant the service principal the SELECT privilege on the data assets used in Power BI. See Grant permissions on an object.

  4. Grant the service principal the CAN USE permission on the SQL warehouse used to connect to Power BI. See Manage a SQL warehouse.
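
To confirm that the client secret from step 2 works before you configure Power BI, you can request a token with the OAuth client-credentials grant and compare its lifetime with your planned refresh duration. The following sketch is an added example, not code from this page or from Databricks. It assumes the workspace token endpoint /oidc/v1/token and the all-apis scope, which this page does not state; the host, client ID, secret, and sample response are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumptions (not stated on this page): workspace-level token endpoint and scope.
TOKEN_PATH = "/oidc/v1/token"
SCOPE = "all-apis"


def build_token_request(workspace_host, client_id, client_secret):
    """Build (without sending) the client-credentials token request."""
    if not workspace_host.startswith("https://"):
        raise ValueError("refusing to send a client secret over a non-HTTPS URL")
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": SCOPE}).encode()
    # The Azure Databricks OAuth secret (not the Entra secret) goes in HTTP Basic auth.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        workspace_host.rstrip("/") + TOKEN_PATH, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def fetch_token(request, timeout=10):
    """Send the request and return the raw JSON body (needs network access)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.read().decode()


def check_token_response(raw_json, planned_run_seconds, entra_managed):
    """Validate a token response and flag runs that outlive the token.

    Per this page, only Microsoft Entra ID managed service principals are
    affected, because the connector cannot refresh their token.
    """
    resp = json.loads(raw_json)
    if resp.get("token_type", "").lower() != "bearer" or not resp.get("access_token"):
        raise ValueError("not a usable bearer token response")
    lifetime = int(resp["expires_in"])
    return {"lifetime_seconds": lifetime,
            "will_expire_mid_run": entra_managed and planned_run_seconds > lifetime}


# Constructed sample response; the token value is a placeholder.
SAMPLE_RESPONSE = '{"access_token": "PLACEHOLDER", "token_type": "Bearer", "expires_in": 3600}'

if __name__ == "__main__":
    req = build_token_request("https://adb-0000000000000000.0.azuredatabricks.net",
                              "00000000-0000-0000-0000-000000000000", "PLACEHOLDER-SECRET")
    print(req.get_method(), req.full_url)
    print(check_token_response(SAMPLE_RESPONSE, 5400, entra_managed=True))
```

Pass the built request to fetch_token against your own workspace, reading the secret from a secret store or environment variable rather than hard-coding it, then feed the returned JSON to check_token_response.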

Next steps