Configure service principals on Azure Databricks for Power BI

This page describes how to set up a service principal in Azure Databricks if you want to enable machine-to-machine (M2M) OAuth authentication with Power BI.

Machine-to-Machine (M2M) OAuth provides a more secure authentication method for Power BI connections by using service principals instead of personal access tokens. This approach:

  • Eliminates credential rotation concerns associated with personal access tokens.
  • Provides centralized access management through service principals.
  • Enhances security.

Note

Power BI Desktop 2.143.878.0 (May 2025 release) or above is required for this authentication method.

Create a service principal and configure Azure Databricks for M2M OAuth

To set up and configure a service principal for M2M OAuth, do the following:

  1. Create a service principal and assign it to a workspace. See Add service principals to your account.

    • If you choose Microsoft Entra ID managed as your Management option during setup, paste the application or client ID for the service principal.

  2. Set up a client secret in Azure Databricks to generate access tokens. See Step 1: Create an OAuth secret.

    • For service principals synced from Entra, the client secret must be set in Azure Databricks. This secret is not the same secret created in Entra.

  3. Grant the service principal the SELECT privilege on the data assets used in Power BI. See Grant permissions on objects in a Unity Catalog metastore.

  4. Grant the service principal the CAN USE permission on the SQL warehouse used to connect to Power BI. See Manage a SQL warehouse.
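
One way to confirm that the secret from step 2 works before entering it in Power BI, as an added example rather than code from the Azure Databricks documentation: request a token with the OAuth client-credentials grant, using the service principal's client ID and the secret set in Azure Databricks (not the one created in Entra). It assumes the workspace token endpoint `/oidc/v1/token` with `scope=all-apis`; the function names and the environment variables holding the workspace URL and credentials are choices made for this example.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def build_token_request(workspace_url, client_id, client_secret):
    """Build the OAuth client-credentials request for a workspace token endpoint."""
    if not workspace_url.startswith("https://"):
        raise ValueError("workspace URL must start with https://")
    # Client ID and secret travel as HTTP Basic credentials, never in the URL.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": "all-apis"}
    ).encode()
    return urllib.request.Request(
        workspace_url.rstrip("/") + "/oidc/v1/token",  # assumed endpoint path
        data=body,
        method="POST",
        headers={"Authorization": "Basic " + basic},
    )


def parse_token_response(raw):
    """Return (access_token, expires_in); raise if no bearer token was issued."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("no bearer token issued: " + str(doc.get("error", "unknown")))
    return doc["access_token"], int(doc.get("expires_in", 0))


def fetch_token(workspace_url, client_id, client_secret, opener=urllib.request.urlopen):
    """Send the request; a rejected secret surfaces as urllib.error.HTTPError."""
    req = build_token_request(workspace_url, client_id, client_secret)
    with opener(req, timeout=30) as resp:
        return parse_token_response(resp.read())


if __name__ == "__main__":
    # Placeholders: supply your own workspace URL and service principal credentials.
    _, ttl = fetch_token(
        os.environ["DATABRICKS_HOST"],
        os.environ["DATABRICKS_CLIENT_ID"],
        os.environ["DATABRICKS_CLIENT_SECRET"],
    )
    print(f"Token issued, expires in {ttl} seconds")  # the token itself is not printed
```

A successful run shows only that the secret is valid; the SELECT and CAN USE grants from steps 3 and 4 are still required for Power BI to query data.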

Next steps