Configure service principals on SAP Databricks for Power BI
This page describes how to set up a service principal in SAP Databricks if you want to enable machine-to-machine (M2M) OAuth authentication with Power BI.
Machine-to-Machine (M2M) OAuth provides a more secure authentication method for Power BI connections by using service principals instead of personal access tokens. This approach:
- Eliminates credential rotation concerns associated with personal access tokens.
- Provides centralized access management through service principals.
- Enhances security.
Power BI Desktop 2.143.878.0 (May 2025 release) or above is required for this authentication method.
Create a service principal and configure SAP Databricks for M2M OAuth
To set up and configure a service principal for M2M OAuth, do the following:
- Create a service principal and assign it to a workspace. See Identity management and permissions.
- Set up a client secret in SAP Databricks to generate access tokens. Account admins and workspace admins can create an OAuth secret:
  - In the service principal’s details page, open the Secrets tab.
  - Under OAuth secrets, click Generate secret.
  - Set the secret’s lifetime in days (maximum 730 days).
  - Copy the displayed secret and client ID, then click Done. The secret is shown only once. The client ID is the same as the service principal’s application ID.

  Note: To enable the service principal to use clusters or SQL warehouses, you must give the service principal access to them.
- Grant the service principal the SELECT privilege on the data assets used in Power BI. See Database objects in SAP Databricks.
- Grant the service principal the CAN USE permission on the SQL warehouse used to connect to Power BI.
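The SELECT grant in the steps above can be scoped to only the tables a report reads and then checked. The following is an added example, not part of the original page. It assumes the Unity Catalog privilege model, where a principal also needs USE CATALOG and USE SCHEMA on the parent objects. The catalog, schema and table names and the application ID are constructed placeholders.

```sql
-- Added example; all object names and the application ID are constructed placeholders.
-- A service principal is referenced by its application (client) ID in backticks.

-- Parent-level privileges (assumed requirement under Unity Catalog):
-- these let the principal reference the catalog and schema, not read data in them.
GRANT USE CATALOG ON CATALOG sales_catalog
  TO `00000000-0000-0000-0000-000000000000`;
GRANT USE SCHEMA ON SCHEMA sales_catalog.reporting
  TO `00000000-0000-0000-0000-000000000000`;

-- Read-only access, granted per table rather than on the whole schema or catalog,
-- so the Power BI connection can read only what the reports use.
GRANT SELECT ON TABLE sales_catalog.reporting.orders
  TO `00000000-0000-0000-0000-000000000000`;
GRANT SELECT ON TABLE sales_catalog.reporting.customers
  TO `00000000-0000-0000-0000-000000000000`;

-- Review what the principal holds at each level; anything beyond
-- USE CATALOG, USE SCHEMA and SELECT is broader than the reports need.
SHOW GRANTS `00000000-0000-0000-0000-000000000000` ON CATALOG sales_catalog;
SHOW GRANTS `00000000-0000-0000-0000-000000000000` ON SCHEMA sales_catalog.reporting;
SHOW GRANTS `00000000-0000-0000-0000-000000000000` ON TABLE sales_catalog.reporting.orders;
```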