Configure service principals on Databricks for Power BI

This page describes how to set up a service principal in Databricks if you want to enable machine-to-machine (M2M) OAuth authentication with Power BI.

Machine-to-Machine (M2M) OAuth provides a more secure authentication method for Power BI connections by using service principals instead of personal access tokens. This approach:

• Eliminates credential rotation concerns associated with personal access tokens.
• Provides centralized access management through service principals.
• Enhances security.

note

Power BI Desktop 2.143.878.0 (May 2025 release) or above is required for this authentication method.

Create a service principal and configure Databricks for M2M OAuth

To set up and configure a service principal for M2M OAuth, do the following:

1. Create a service principal and assign it to a workspace. See Add service principals to your account.

2. Set up a client secret in Databricks to generate access tokens. See Step 1: Create an OAuth secret.

3. Grant the service principal the SELECT privilege on the data assets used in Power BI. See Grant permissions on objects in a Unity Catalog metastore.

4. Grant the service principal the CAN USE permission on the SQL warehouse used to connect to Power BI. See Manage a SQL warehouse.

Next steps

• Connect Power BI Desktop to Databricks

• Publish to the Power BI service from Databricks