Creating a user principal app in AAD App Registrations

SoftwareUser 41 Reputation points

We are using the Power BI API to access PBI and Azure services and resources. Our app uses a hybrid authentication scheme, with both user and service principal mechanisms although we would like to move away from the use of a user principal app.

Our problem is that certain PBI resources, such as gateways and data sources require access via a user principal app.

Until we figure that part out, we are having lots of trouble setting up a user principal app in AAD>>App Registrations. It looks like any new registration only creates a service principal.

How can we set up a user principal app linked to a master Power BI Pro licensed user account that already exists in AAD?

Thanks for any assistance provided in advance.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,081 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,441 Reputation points

    Hi @SoftwareUser · Thank you for reaching out.

    There is no concept of user principal app in Azure AD. App Registration always create an associated Service Principal. The App Registration that you perform in Azure AD can be used to acquire tokens in both User as well as Application (Service Principal) context, depending on authentication flow that you use for this purpose.

    Below are some examples of authentication flows that you can use to acquire token in Users' context:

    Below authentication flow is used to acquire token under Application (Service Principal) context:

    Now, when you use the user token to access the application (PBI in your case), it will be accessed under user context. If Application token is used to get access to the application, it will be accessed under App/SP context.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  2. SoftwareUser 41 Reputation points

    We resolved the issue.

    The service principal app is linked to the Power BI user in AAD by adding that user account to the service principal app in User and Groups section of the app. Once we did that, we were able to authenticate against both the user and service principals.

    0 comments No comments