October 11, 2024|tutorial|

how to set a service principal as the authentication method in a fabric connection.

introduction.

When using a Fabric artifact as a source in Power BI Desktop, it is currently only possible to set a service principal as the underlaying authentication method when choosing the SQL endpoint of a Lakehouse. The same is observable, when trying to create a connection in Fabric. At time of writing this blog article, for the Fabric artifacts Warehouse, Lakehouse (not via the SQL endpoint) and KQL Database, it is only possible to set OAuth2 as the method of authentication.
For import mode models, my “go to” authentication method usually is a service principal. This way, we are not using a user’s credentials to fetch tokens in order to access the source. Earlier, in order to use a service principal for authentication, we had to make a service principal taking over the semantic model. In Fabric, however, you can utilise a service principal for authentication purposes just by specifying it in the connection – at least for some sources. Bear in mind, service principals come with a maintenance cost. In a perfect world, you would want to roll service principal secrets on a regular base.
I got the idea for this blog article from the Fabric community. Feel free to reach out to me, if you got any questions about the community – it’s an inclusive place where Fabricans try to help each other.

prerequisites.

1. A Fabric capacity and workspace
2. A semantic model deployed to Fabric

1. What’s the goal?

The goal is to be able to use a Service Principal as the Authentication method in a Fabric connection, in our case we try to connect a Power BI semantic model to a Fabric Lakehouse.

2. Create a service principal in Azure

First, we need to create a service principal in Azure. For this, go into the Azure Portal and create a new app registration. Note, there is no need to setup any scopes/API permissions.

In the connection, we need to specify the tenant ID, the service principal ID and the service principal key. The Tenant ID (or Directory ID) can be found in the Overview tab of your service principal. The Service principal ID equals the Application or Client ID that is displayed on the same screen: