Connection Issues Between Fabric and Databricks SQ...

avisri

We need to connect Microsoft Fabric (Dataflow Gen2/Notebooks) to a private Databricks SQL Warehouse using a service account. The service account can only authenticate via Chrome "different user" login for Databricks access. How should we configure Fabric to use this service account context?

Current Setup

ComponentStatus

Service Account	- Can access Databricks via Chrome ("different user" login)
	- Added as a Contributor in the Fabric workspace
Fabric Access	- Users access Fabric with individual AAD accounts (MFA-enabled)
Databricks	- Behind the private endpoint
Authentication	- AAD or PAT token options available

Core Questions

Service Account Login in Fabric
- Since we access Fabric with our individual accounts, do we need to log into Fabric separately with the service account to use its permissions?
- Or can Fabric items (Dataflows/Notebooks) automatically use the service account context when configured?
Permission Inheritance
If we:
- Remain logged into Fabric with our personal accounts
- But set up a Databricks connection using the service account's credentials...
  Will Fabric:
- Automatically authenticate to Databricks as the service account?
- Honor the service account's AD group permissions?

What We've Tried

ApproachResult

Personal account + service account PAT	Access denied
Personal account + AAD credentials	Authentication fail
Service account interactive Fabric login	Blocked by MFA

Specific Questions for Community

Credential Configuration
How to configure Fabric to use service account credentials for Databricks connections:
- When logged in with personal accounts?
- Without an interactive service account login?
Connection Methods
Which method works best in this scenario?
- AAD authentication using service account credentials
- PAT token stored in Fabric
- Other alternatives?
Security Practices
- How to securely store/service account credentials in Fabric?
- Any service principal configuration requirements?
Network Considerations
- Does private endpoint affect credential-based authentication differently than PAT?

Environment:

Fabric Capacity: F128

Appreciate any insights on configuring service account context without interactive login! Examples or screenshots of credential setup would be invaluable.

v-ssriganesh

Hello @avisri,
Thank you for reaching out to the Microsoft Fabric Community Forum.

Based on your setup, Fabric does not automatically use the service account when logged in with personal accounts. You’ll need to configure the service account credentials explicitly.

Use a service principal with AAD authentication first Create a service principal in Azure AD and Add it to the AD group (ITS-EP-AZR-DHL-DatabricksDataSQUsers) and assign Contributor role in the Fabric workspace then configure the service principal in Fabric’s Databricks.

Avoid hardcoding credentials: use Key Vault for storage.
Check the private endpoint allows the service principal’s identity. Verify network rules if issues persist.

Your attempts (PAT/AAD with personal accounts) likely failed due to missing service account context or permissions. The service principal method should resolve this.

If you have any further questions, please don't hesitate to contact us through the community. We are happy to assist you.

Best Regards,
Ganesh Singamshetty.