Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
db042190
Post Prodigy
Post Prodigy

2 of 3 steps done for non expiring id in pbi

‎07-11-2025 11:15 AM

hi , as you can see at https://community.fabric.microsoft.com/t5/Service/trying-non-expiring-id-in-pbi-and-it-doesnt-work/m...   i've now given our non expiring id elevated privileges in ssas and got this to start working.   Then i gave it elevated privileges in the engine and got that to work too, at least by modifying the previous connection's settings.  New connection on same report was a different story but i'll run that problem out in  different post.

 

Now, my understadning is that any republish will break things anyway (as we are used to) , at least requiring IT involvement, unless i take a third step that was touched on at https://community.fabric.microsoft.com/t5/Service/using-a-non-expiring-id-without-giving-pswd-away/m... and perhaps described as using a "service principal".   Its also my understanding that there are 2 choices for that 3rd step.   One can be done without the gateway's admin, the other only with a gateways admin involved.   Its also my understanding that the approach that doesnt use the gateway admin's involvement may be limited (eventually?) depending on the licenses we have.    I'll start looking this up but suspect i'll need some guidance to stay out of rabbit holes.

Labels:
Message 1 of 8
215 Views
0
7 REPLIES 7
v-dineshya
Community Support
Community Support

‎07-14-2025 06:01 AM

Hi @db042190 ,

Thank you for reaching out to the Microsoft Community Forum.

 

You are trying to securely use a non-expiring ID like a service principal in Power BI without exposing passwords, especially during republishing scenarios. You have already completed two steps elevating privileges in SSAS and the engine and are now exploring the third step involving service principals.

 

Please check below things to fix the issue.

 

1. Embedding with V2 tokens requires proper workspace hosting in Fabric and correct API usage.


2. Credential binding issues often stem from stale mappings or gateway misconfigurations.


3. Rebinding datasets after republishing is essential to avoid broken connections.


4. Please Confirm your workspace is hosted in Fabric or Embedded capacity.


5. Use a service principal with a client secret stored in Azure Key Vault.


6. Configure the dataset to use this identity in Power BI Service settings.


7. Avoid browser logins with the service principal it’s API-based.


8. Coordinate with your gateway admin if on-premises sources are involved.


9. Rotate secrets or switch to certificates to avoid 2-year expiry.

 

Please refer below link.

Service account to connect power BI to SQL database Entre ID credential or service principal - Micro...

 

I hope this information helps. Please do let us know if you have any further queries.

 

Regards,

Dinesh

Message 3 of 8
128 Views
0
db042190
Post Prodigy
Post Prodigy
In response to v-dineshya

‎07-15-2025 10:38 AM

thx dinesh.   there is no issue.   so im lost when you say to "fix the issue".  im trying to determine what my next step is.

 

i want my non expiring id to basically stay on the report and in effect at re publish or even be specified by the user the first time he publishes.  is that possible?   The idea is for IT not to get involved.   what special licenses or capacities or additional products do i need? 

 

as far as i know all we have right now is pro licenses on everybody.   but if the community was to describe a low cost path for my 3rd step (hopefully last) , maybe we can request it.  Communicating to me clearly would help as what you listed is TMI to me.  no offense.  most of what you listed looks more like fixing.  I want to set up for the first time.  Are you saying i need embedded or fabric?   even if we use the gateway admin approach which sounded like a different path?   it seems there must be  a way to explain this in simple terms so i can get started.  on prem sources are involved.  if the only reason im getting fabric is for 20 reports/dashboards to be allowed to use this non expiring id and not break at republish, how much will it cost?  They are in 3-4 different workspaces.

Message 4 of 8
108 Views
0
v-dineshya
Community Support
Community Support
In response to db042190

‎07-16-2025 03:37 AM

Hi @db042190 ,


There are two main approaches:

 

1. For on-prem sources requires the gateway admin to add the service principal to the gateway. Configure the data source credentials using the service principal’s client secret or certificate. Store secrets securely in Azure Key Vault. Once set up , no browser login is needed, and report publishers don’t need to know the credentials.


2. For cloud sources or Fabric-hosted datasets. You can configure the service principal in the dataset settings directly. But for on-prem sources, this won’t work unless the gateway admin is involved.

 

Licensing & Capacity Requirements:

 

For service principal-based automation and embedding, you need below requirements.


1. For Use of Service Principal, you need Power BI Pro + Admin Portal setting enabled.

 

2. For Embedding with Service Principal, you need Power BI Embedded (A SKU) or Fabric Capacity (F SKU).

 

3. For On-premises Gateway Integration, you need Gateway Admin access.

 

4. For Azure Key Vault Integration, you need Azure Subscription.

 

5. For API-based automation, you need Power BI Admin API permissions.

 

Note: If your goal is to allow 20 reports across 3–4 workspaces to use a non-expiring ID without breaking on republish, Power BI Embedded A1 SKU (~$735/month) might be the path. It allows you to host reports in a dedicated capacity and bind them to datasets using service principals.

 

Please refer below Microsoft official document.

Embed Power BI content in an embedded analytics application with service principal and an applicatio...

 

I hope this information helps. Please do let us know if you have any further queries.

 

Regards,

Dinesh

 

 

 

Message 5 of 8
84 Views
0
v-dineshya
Community Support
Community Support
In response to v-dineshya

‎07-21-2025 07:04 AM

Hi @db042190 ,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. And, if you have any further query do let us know.

 

Regards,

Dinesh

Message 6 of 8
59 Views
0
v-dineshya
Community Support
Community Support
In response to v-dineshya

‎07-24-2025 10:39 AM

Hi @db042190 ,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. And, if you have any further query do let us know.

 

Regards,

Dinesh

Message 7 of 8
38 Views
0
v-dineshya
Community Support
Community Support
In response to v-dineshya

Monday

Hi @db042190 ,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. And, if you have any further query do let us know.

 

Regards,

Dinesh

Message 8 of 8
23 Views
0
db042190
Post Prodigy
Post Prodigy

‎07-11-2025 11:29 AM

the 1st link i looked at talks about fabric which i dont believe we pay for but i have heared of free fabric. it also talks about api's and im not understanding the connection to api's, at least for what i want to accomplish. https://www.powerbisentinel.com/creating-a-service-principal-and-connecting-to-power-bi/

 

the 2nd link talks about the difference between service principal and service acct. and neither sounds relevant to what i want to do. https://www.reddit.com/r/PowerApps/comments/1agixuz/service_account_vs_service_principal/

 

the 3rd link makes me think this isn't happening without premium or embedded. Which we dont have. https://sqlswimmer.com/2023/07/17/steps-to-have-a-service-principal-take-over-a-dataset-in-power-bi-... . If we can get premium, is that something assigned to one person or one workspace? But then would it matter which workspace we want this service principal feature to work in?

 

im definitely in a  rabbit hole.   the goal is for users to be able to at least re specify the non expiring id after they republish, as the cred to use...without knowing the password.

 

also, i saw something about these expiring anyway after 2 yrs.   that defeats the purpose.   this is pretty complicated.

Message 2 of 8
205 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All