Currently the Service principal account cannot leverage the On-Premises Data Gateway since it is not a mail-enabled account. This prevents a Power BI Embedded solution from leveraging an on-premises SSAS tabular model using the service principal. Instead we need a full-blown Power BI Pro license for a service account. Is it on the roadmap to add this capability?
Hi
Impossible to add an AAD SP to gateway users (as admin, for example)
But it can be done via PowerShell
This issue has been fixed in Q2 2023.
It is now possible to use the GUI to add an SPN as a user to both the gateway and to the datasources on the gateway.
Hi @AdamWidi / @Jayendran / @brentcarlson / @baouss / @ilav ,
I managed to add the Security Group my Service Principal belongs to to the Gateway Admins via the Power Platform Admin Portal.
Things work fine from then on.
Hope this helps !
Franck
Hello Axires,
How did you manage to add the group your service principal belongs to?
I tried to do it but when I call PBI API to get list of gateways, the result is empty.
Thanks
Hi @AdamWidi / @brentcarlson / @baouss ,
Currently this is not yet implemented by PowerBI. I've already asked the same question long back and found this idea is already asked and waiting for more votes.
Please provide your vote for the below idea.
I'll reach out to powerbi team and will try to find the ETA for this feature.
@Jayendran Thanks for the info! Let us know if you hear anything from the Power BI team on this issue.
Also, I read a Microsoft document that states: Customers that configure row-level security (RLS) using an SQL Server Analysis Services (SSAS) on-premises live connection data source can enjoy the new service principal capability to manage users and their access to data in SSAS when integrating with Power BI Embedded. (https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#on-premises-data-gat...). This article implies that even though you have to use the API to add it, it should work? Based on what you're saying, is this documentation wrong (or am I misunderstanding it?)
Thanks!
Thanks @brentcarlson for the link to the article. Based on the date of the post, the capability was added after we initially attempted, so this may now be possible.
@AdamWidi Let us know if you get this working. So far, we haven't been able to see it work; even though the service principal shows up in the access list for the gateway now.
Were you able to map the DSN associated to the gateway via PowerShell or API?
We still have not been able to get this to work. We got the gateway to show the Service Principal using the API call; however we think the issue stems inside of SQL Server and/or SQL Server Analysis Services. When using Azure hosted SQL Analysis Services there is an option to add an appid (of the Service Principal); on-premise SQL Analysis Services does not give this option. We think this is why it is not working (and makes sense); as the Service Principal doesn't have access to SQL. We are looking at alternatives on how to translate the authentication from the gateway into SQL Analysis Services. The documentation implies this should work but doesn't give any details on how to make it work.
I did get a suggestion to try adding the Service Principal to an Azure AD group, make this group a gateway admin, and add user mapping in the gateway connection. Has anyone had success with this approach?
Was anyone ever able to solve this? I have the same issue. I was able to add the service principal to the data source on the on-premise gateway using the API; but it still doesn't seem to work even though the service principal now shows in the access list.
Followed the example here: https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/adddatasourceuser - Tried using both ReadOverrideEffectiveIdentity and Read as the datasourceAccessRight
You need to add the service principal as gateway admin and not as datasource. I also have the same issue, as the SP doesn't have an email ID to get added as an admin. Anyone know how to get this added? Thanks
 
					
				
				
			
		