Skip to main content

Configure service principals on Databricks for Power BI

This page describes how to set up a service principal in Databricks if you want to enable machine-to-machine (M2M) OAuth authentication with Power BI.

Machine-to-Machine (M2M) OAuth provides a more secure authentication method for Power BI connections by using service principals instead of personal access tokens. This approach:

  • Eliminates credential rotation concerns associated with personal access tokens.
  • Provides centralized access management through service principals.
  • Enhances security.
note

Power BI Desktop 2.143.878.0 (May 2025 release) or above is required for this authentication method.

Create a service principal and configure Databricks for M2M OAuth

To set up and configure a service principal for M2M OAuth, do the following:

  1. Create a service principal and assign it to a workspace. See Add service principals to your account.

  2. Set up a client secret in Databricks to generate access tokens. See Step 1: Create an OAuth secret.

  3. Grant the service principal the SELECT privilege on the data assets used in Power BI. See Grant permissions on objects in a Unity Catalog metastore.

  4. Grant the service principal the CAN USE permission on the SQL warehouse used to connect to Power BI. See Manage a SQL warehouse.

Next steps