Events
Mar 31, 11 PM - Apr 2, 11 PM
The biggest Fabric, Power BI, and SQL learning event. March 31 – April 2. Use code FABINSIDER to save $400.
Register todayThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Service principal is an authentication method that can be used to let a Microsoft Entra application access Microsoft Fabric content and APIs.
When you create a Microsoft Entra app, a service principal object is created. The service principal object, also known simply as the service principal, allows Microsoft Entra ID to authenticate your app. Once authenticated, the app can access Microsoft Entra tenant resources.
To enable service principal authentication for Power BI read-only APIs, follow these steps:
Create a Microsoft Entra app. You can skip this step if you already have a Microsoft Entra app you want to use. Take note of the App-Id for later steps.
Important
Make sure the app you use doesn't have any admin-consent required permissions for Power BI set on it in the Azure portal. See how to check whether your app has any such permissions.
Create a new Microsoft Entra Security Group. Read more about how to create a basic group and add members using Microsoft Entra. You can skip this step if you already have a Microsoft Entra security group you would like to use. Make sure to select Security as the Group type.
Add your App-Id as a member of the security group you created. To do so:
Important
Make sure the app doesn't have any admin-consent required permissions for Power BI set on it in the Azure portal. See how to check whether your app has any such permissions.
Enable the Fabric admin settings:
Sign in to the Fabric admin portal. You need to be a Fabric admin to see the tenant settings page.
Under Admin API settings, Service principals can access read-only admin APIs displays. Set the toggle to Enabled, and then select the Specific security groups radio button and add the security group you created in Step 2 in the text field that appears below it.
Start using the read-only admin APIs. See the list of supported APIs below.
Important
An app using service principal authentication that calls read-only admin APIs must not have any admin-consent required permissions for Power BI set on it in the Azure portal. See how to check whether your app has any such permissions.
Service principal authentication is currently supported for the following read-only admin APIs.
An app using service principal authentication that calls read-only admin APIs must not have any admin-consent required permissions for Power BI set on it in the Azure portal. To check the assigned permissions:
Events
Mar 31, 11 PM - Apr 2, 11 PM
The biggest Fabric, Power BI, and SQL learning event. March 31 – April 2. Use code FABINSIDER to save $400.
Register todayTraining
Module
Authenticate your Azure deployment pipeline by using service principals - Training
Learn how to create, manage, and grant permissions to service principals, which enable your deployment pipelines to securely authenticate to Azure.
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.