Configure service principals on Databricks for Power BI
This page describes how to set up a service principal in Databricks if you want to enable machine-to-machine (M2M) OAuth authentication with Power BI.
Machine-to-Machine (M2M) OAuth provides a more secure authentication method for Power BI connections by using service principals instead of personal access tokens. This approach:
- Eliminates credential rotation concerns associated with personal access tokens.
- Provides centralized access management through service principals.
- Enhances security.
Power BI Desktop 2.143.878.0 (May 2025 release) or above is required for this authentication method.
Create a service principal and configure Databricks for M2M OAuth
To set up and configure a service principal for M2M OAuth, do the following:
-
Create a service principal and assign it to a workspace. See Add service principals to your account.
-
Set up a client secret in Databricks to generate access tokens. See Step 1: Create an OAuth secret.
-
Grant the service principal the
SELECT
privilege on the data assets used in Power BI. See Grant permissions on objects in a Unity Catalog metastore. -
Grant the service principal the CAN USE permission on the SQL warehouse used to connect to Power BI. See Manage a SQL warehouse.