Service principal support in Data Factory
Azure service principal (SPN) is a security identity that's application based and can be assigned permissions to access your data sources. Service principals are used to safely connect to data, without a user identity. To learn more about service principals, go to Application and service principal objects in Microsoft Entra ID.
Within Microsoft Fabric, service principal authentication is supported in datasets, dataflows (both Dataflow Gen1 and Dataflow Gen2), and datamarts.
Supported data sources
Currently, the SPN authentication type only supports the following data sources:
- Azure Data Lake Storage
- Azure Data Lake Storage Gen2
- Azure Blob Storage
- Azure Synapse Analytics
- Azure SQL Database
- Dataverse
- SharePoint online
- Web
Note
Service principal isn't supported on the on-premises data gateway and virtual network data gateway.
Service principal authentication isn't supported for a SQL data source with Direct Query in datasets.
How to use service principals to connect to your data in Dataflow Gen2
In this example, you can use service principal to connect to Azure Data Lake Storage Gen2 through Dataflow Gen2.
Prerequisite
Create a service principal using Azure.
Grant permission for the application to have read access to the data source. For example, if you're using a data lake, make sure the application has storage blob data reader access.
Connect to your data using service principal in Dataflow Gen2
Navigate to Fabric.
Create a new Dataflow Gen2 or edit an existing one where you would like to add the data source.
Select the data source to authenticate using SPN. In this example, you're connecting to an Azure Data Lake Storage Gen2 account.
Fill in the data source URL and select Create new connection.
Change Authentication kind to Service principal.
Fill in the Tenant ID in the connection settings. You can find the tenant ID in Azure where the SPN was created.
Fill in the Service principal client ID in the connection settings. You can find the client ID in Azure where the SPN was created.
Fill in the Service principal key in the connection settings. You can find the service principal key in Azure where the SPN was created.
Finally, select Next in the connection settings to authenticate to the data source.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for