Configure Service Principal as PowerBI System Credential
Question
Instead of providing a user credential, or service account, is it possible to configure a Microsoft Power BI connector to use a Microsoft Service Principal? For security reasons, we do not want to add a user or service account to the Fabric Administrator role.
Answer
Service Principals can be used in the configuration of a PowerBI connector. Before the configuration of the Power BI connector can occur, some setup will be required in the Microsoft Azure portal, in the Entra ID module. Completing this configuration will require access to the the Azure portal, Entra ID, and the Power BI admin settings.
Using a Service Principal to configure the Power BI connector will provide access to workspaces, reports, and dashboards. Apps will NOT be accessible using a Service Principal.
If configuring a PowerBI Connector for the first time, an App registration will need to be created within the Azure portal. Please consult the Connecting to Microsoft PowerBI document on how to complete that task.
Ensure that you have captured the application ID, Tenant ID, and Client Secret Value as these will be required to complete the configuration.
Ensure that you have captured the application ID, Tenant ID, and Client Secret Value as these will be required to complete the configuration.
Once an app registration is defined in the Azure portal, a Security group must be created. If an appropriate security group and user have already been defined, you can skip ahead to the next section where Power BI admin settings must be modified.
- Within the Azure portal, open the Microsoft Entra ID module. Select Manage and go to Groups
- Press New group
- Provide a group name and description to the Security group, and leave the other settings to the default values
- Click on the No members selected link
- In the Add members dialog, browse or search for the correct app registration (Demo-ServicePrincipal was used in this example). Once located, press the Select button
While in Entra ID copy the tenant ID value from the overview screen as it will be required later.
Now that the proper settings in the Azure portal have been configured, some changes are now required in Power BI.
- Log into PowerBI web https://app.powerbi.com as a PowerBI administrator
- Click on Settings and select Admin portal
- Within the Tenant settings section, locate Developer settings
- Expand the Service principals can call Fabric public APIs section
- Select the Specific security groups option
- Add the Security group that was created earlier
- Press Apply
- Locate the Admin APIs settings section within the Tenant settings section
- Expand the Service principals can access read-only admin APIs section
- Select the Specific security groups option
- Add the Security group that was created earlier
- Press Apply
Now that the Entra ID work has been completed, the new Service Principal needs to be granted access to the appropriate Power BI workspaces.
- Launch https:/app.powerbi.com as a PowerBI administrator
- Open Settings and launch Admin Portal
- Click on WorkspacesB. The Service Principal requires access to the individual workspaces that users will need
- Click the three dots for a workspace, the vertical ellipsis, select Access and then add the Service Principal as a member
- Press Add
- Press Close
- Repeat steps 4-6 for all additional workspaces
Once the correct access for the Service Principal has been granted to the workspaces, the PowerBI connector in Digital Hive must be configured.
If the PowerBI connector hasn't already been created, please consult the Connecting to Microsoft PowerBI document- Launch Digital Hive as an administrator
- Click on the user avatar and select Manage Digital Hive
- Open Connectors
- Click on the Power BI connector
- Open the Settings tab
- Scroll to the bottom of the page and click Show Advanced
- Locate the Tenant ID field and paste in the tenant ID value obtained from Entra ID
- Enable the option to Use Service Principal as System Credential
- Press Save
- Press Re-authenticate
The last step is to execute some PowerBI content from within Digital Hive to ensure that all of the settings are correct.
Related Articles
Connecting to Microsoft PowerBI Embedded
Question Is it possible to use Microsoft Power BI Embedded within Digital Hive? Answer This feature was made available in the 2026.1 release. As a Digital Hive administrator, connecting to Microsoft PowerBI Embedded can be accomplished via the ...Connecting to Microsoft PowerBI Report Server
Question Is it possible to connect Digital Hive to an instance of Microsoft PowerBI Report Server? This is the on premises version of Power BI. Answer As a Digital Hive administrator, connecting to Microsoft PowerBI Report Server can be accomplished ...Connecting to Microsoft PowerBI
Question How do we connect Digital Hive to Microsoft PowerBI? Answer As a Digital Hive administrator, connecting to Microsoft PowerBI can be accomplished via the following steps: Connecting Digital Hive to PowerBI requires that an app registration ...Create a Digital Hive Azure App Registration for PowerBI
Question Are there any prerequisites for connecting PowerBI to Digital Hive so that users can access PowerBI content? Answer Similar to other Cloud based hosted solutions that use REST interfaces, like Google and Box, an Azure AD application to use ...Displaying a Specific PowerBI Report Page
Question Within in PowerBI report, there are multiple pages. When a PowerBI report is embedded into Digital Hive, the default page is shown, but I would like for a different page to be displayed. For example, the default page is Overview but I want ...