
Lakehouse connection - Service Principal authentication

We need support for Service Principal authentication when creating Lakehouse connections.

 

Right now, Lakehouse connections can only be created using a user account. As a result, Dataflow Gen2, Pipeline copy activity, and Copy Job cannot use a Service Principal (SPN) when connecting to a Fabric Lakehouse as a source or destination.

 

This is an issue for us. We want to avoid user-based connections because:

  • We need environment-specific identities (dev/test/prod) to prevent accidental cross-environment writes (e.g., dev pushing data to prod).

  • Tying connections to personal user accounts creates fragility - things break when someone leaves the project or the organization.

Service Principal support for Lakehouse connections is required to ensure secure, reliable, and environment-isolated authentication.

 


The screenshot shows that only user authentication is available, not service principal authentication.

Status: Needs Votes
Comments
frithjof_v
Community Champion

Currently, the Lakehouse destination only supports Organizational account authentication.

 

This means the destination connection depends on a specific user's account.

 

Please make it possible to use Service Principal authentication instead.

 

By going through the destination settings inside the Dataflow Gen2, I can see that the options for connecting to the various destinations are:

 

* **Lakehouse**
   * Organizational account
* **Warehouse**
   * Organizational account
   * Service Principal
* **Fabric SQL Database**
   * Organizational account
   * Service Principal
* **Azure SQL Database**
   * Basic (username/password)
   * Organizational account
   * Service Principal
   * Workspace identity
   * Note: Basic and Service Principal options can use Azure Key Vault references in this connector.
* **Azure Data Explorer**
   * Organizational account
   * Service Principal
* **SharePoint**
   * Anonymous
   * Organizational account
   * Service Principal
   * Workspace identity
* **Azure Data Lake Storage Gen2**
   * Account key
   * Organizational account
   * Shared Access Signature (SAS)
   * Service Principal
   * Workspace identity

 

(Sorry about the bad formatting).

 

The Lakehouse destination only supports Organizational account - why?

wesleyallinq
Regular Visitor
Thank you so much for posting this! I was looking for a solution, but apparently it doesn't exist yet.
acteon_jon_catt
Frequent Visitor
Thanks for raising this @frithjof_v, I came here to post about this exact issue. It's the same with general ownership of artifacts, something I've raised a couple of times now - Service Principals seem to be an afterthought, which is backwards IMHO.
camec10
Regular Visitor
Any word on this feature being added? Seems odd to force connections to be user accounts that can ultimately expire and break pipelines, etc. across the organization.
miguel
Community Admin
Status changed to: Needs Votes
 
 
Michael_Ba
Regular Visitor
We direly need this (even better would be Service Principal & Workspace Identity Auth)!
iliassoto_lgt
Frequent Visitor
This seems like such a basic feature... I cannot believe that this isn't possible yet. How are projects with hundreds of pipelines and copy activities supposed to scale?