Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

Reply
rodneyc8063
Advocate I
Advocate I

PBI Gateway to Azure Databricks Connection Error: Unable to start OAuth login for this data source?

‎02-10-2025 01:08 PM

G'day folks

 

My team is looking into using Azure Databricks as a data source and am hitting an error

 

Background: Our Azure Databricks is on a "Private Link" I believe is the terminology (I need to use a VPN in order to login to it). I can connect to Azure Databricks through PBI Desktop using my Azure Active Directory once logged into VPN.

 

Next step was to upload a very basic PBI desktop report to the service and try to refresh it there. Since our Azure Databricks is set up with a "Private Link" (not publicly available) I assumed we would need to create a gateway connection (PBI Gateway)

 

My issue is when I try to create a gateway to connect to our Azure Databricks instance I am hitting a few walls (errors)

 

When creating the gateway I see the following 3 initial options

 

1) On Premise
2) Virtual network
3) Cloud

 

rodneyc8063_0-1739221238053.png

 

We do have some on premise Oracle databases that we have used a gateway to set up connections to which is working just fine.

 

Initially I assumed that I would need to configure an "On Premise" Gateway again since our Azure Databricks has a "Private Link" and I see the following login options

 

1) Username/Password (As per Databricks sounds like this is deprecated as of July 2024)

2) Personal Access Token

3) Azure Active Directory

 

rodneyc8063_0-1739221716480.png

 

I chose Azure Active Directory and then I see the following

 

rodneyc8063_2-1739221469056.png

 

So when I try to click on "Edit Credentials" I then hit the following error

 

rodneyc8063_3-1739221499686.png

rodneyc8063_4-1739221536831.png

Unable to start OAuth login for this data source. OAuth login through the data gateway was unsuccessful due to user. Specific error details available below and in the gateway logs

Details: PBI_GW01: Unable to connect to the remote server Please have this information handy if you choose to create a support ticket. Session Id: 9e0c2aab-0972-4c90-8a3c-f88bfd8f3355 RequestId: 8b32568e-791d-4272-bcc1-9b36c4e8ef6a Cluster URI: https://api.powerbi.com Status code: 400 Time: Mon Feb 10 2025 16:04:51 GMT-0500 (Eastern Standard Time)

 

Few questions

 

1) Given our Azure Databricks set up being on a private link is it fair to assume firstly we do need a PBI gateway?

2) I was trying to find more information but I cant seem to figure out whether I should use an "On Premise" vs "Cloud" connection?

 

Although Azure Databricks is on the cloud its technically "private" and not publicly available. 

 

Any insight would be greatly appreciated

Labels:
Message 1 of 8
3,386 Views
1 ACCEPTED SOLUTION
v-ssriganesh
Community Support
Community Support
In response to rodneyc8063

‎02-17-2025 01:37 AM

Hi @rodneyc8063,

Thank you for your follow-up. These are important questions, and I am happy to clarify the confusion regarding the Service Principal and Authentication Method when connecting Azure Databricks via a Power BI Gateway. Let's break it down:

  1. What is a Service Principal and When to Use it?

A Service Principal is essentially an identity created in Azure Active Directory (AAD) that represents an application or service (like Power BI) rather than a user. It’s commonly used for automated, secure, non-interactive access to Azure resources, including Databricks. So, Yes, you can create a Service Principal in AAD and grant it access to Azure Databricks. This approach is often preferred over personal tokens for governance and security.

Relevant offical doc link : Configure a service principal for Azure Databricks

  1. Which Authentication Method Should You Use with a Service Principal?
  • For Service Principal → Power BI Gateway → Databricks, AAD (Azure Active Directory) authentication is generally the best practice. However, PAT (Personal Access Token) is also valid if you prefer that route but requires token management (renewals).

  1. How to Set Up AAD Authentication with Service Principal (High-Level Steps)
  • Create a Service Principal in Azure AD. Assign it appropriate workspace permissions in Databricks (like Viewer, Editor, Admin, or custom RBAC roles).
  • Enable Service Principal Authentication in your Databricks workspace (if not already enabled). Grant the Service Principal access to the Databricks API (Workspace Admin → Admin Settings → Service Principals).
  • Use "Azure Active Directory" as the authentication method in Power BI Gateway configuration. When prompted for credentials, provide the Service Principal’s details (Client ID, Tenant ID, and Client Secret).

  1. Can a Regular User Use Their Own Token Instead?

Yes, they can.
A Personal Access Token (PAT) can be generated by any Databricks user with the right workspace access. However, for production scenarios and scheduled refreshes via a gateway, it’s generally better to use a Service Principal for better security and control.

I trust this information proves useful. If it does, kindly Accept it as a solution and give it a 'Kudos' to help others locate it easily.
Thank you.

View solution in original post

Message 5 of 8
3,217 Views
7 REPLIES 7
v-ssriganesh
Community Support
Community Support

‎02-23-2025 05:37 AM

Hi @rodneyc8063,
I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If my response has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.
Thank you.

Message 8 of 8
3,120 Views
v-ssriganesh
Community Support
Community Support

‎02-19-2025 10:58 PM

Hi @rodneyc8063,

May I ask if you have resolved this issue? If so, please mark the helpful reply and accept it as the solution. This will be helpful for other community members who have similar problems to solve it faster.

Thank you.

Message 7 of 8
3,159 Views
v-ssriganesh
Community Support
Community Support

‎02-10-2025 09:00 PM

Hi @rodneyc8063,

Thanks for reaching out to the Microsoft fabric community! We understand you're encountering an OAuth login error while trying to connect Azure Databricks (with Private Link) to Power BI Service via a gateway. Let’s go through your queries one by one and troubleshoot the issue.

1) Yes, since your Azure Databricks is configured with Private Link, it is not accessible over the public internet. In this case, a Power BI Gateway is required to enable secure communication between Power BI Service and your Databricks instance. The gateway will act as a bridge to facilitate the data refresh in the Power BI Service.

2) Since your Databricks instance is in Azure but private (not publicly accessible), you should use a Virtual Network Data Gateway rather than an On-Premises Gateway.

  • The On-Premises Data Gateway is typically used for databases hosted on local infrastructure. The Cloud option does not apply here because your Databricks instance is private. Use a VNet Gateway that is deployed in the same Azure region as your Databricks instance.

3) The error message suggests that the gateway is unable to establish a connection. Here are some potential causes and solutions:

  • Please ensure that Azure Databricks Private Link is correctly configured to allow traffic from the Power BI Gateway.
  • If using an On-Premises Gateway, confirm that the firewall is not blocking traffic.
  • If you're using Azure Active Directory (AAD) Authentication, ensure:
    • The Power BI Service Principal has the correct RBAC permissions to access Databricks.
    • The OAuth token is not being blocked by Conditional Access Policies (CAPs) or MFA requirements.
    • The user account has the correct Databricks workspace permissions (Viewer/Editor/Admin).

  • If OAuth isn't working, try setting up authentication using a Personal Access Token (PAT) and check if the connection succeeds.

If this helps, then please Accept it as a solution and dropping a "Kudos" so other members can find it more easily.
Thank you.

Message 3 of 8
3,325 Views
rodneyc8063
Advocate I
Advocate I
In response to v-ssriganesh

‎02-13-2025 06:51 AM

Hi @v-ssriganesh - Appreciate the detailed reply! Going to bring this to my admins to trouble shoot further but one quick question

 

You mentioend the "PBI service principal" - Do you mean or are you implying that we should create a service principal to connect from PBI to Azure Databricks?

 

I see a lot of documentation suggesting to use a PBI service principal (I admit I havent used this option before so pardon the very basic questions). When using a service principal to connect over the gateway I am not sure which option to choose for the authentication method

 

* Username/password -> I believe as per Databricks this is discontinued, and I dont believe a service principal would have this info

* Personal access token->Not sure if this is recommended with a service principal as I am not sure if the token expires? Also not sure why cant a "regular" user use their own service token instead of having to create a service principal

* Azure Active Directory-> If we are using a service principal not sure if this can be used

 

Not sure if I mixed something up here but I welcome any help!

Message 4 of 8
3,283 Views
0
v-ssriganesh
Community Support
Community Support
In response to rodneyc8063

‎02-17-2025 01:37 AM

Hi @rodneyc8063,

Thank you for your follow-up. These are important questions, and I am happy to clarify the confusion regarding the Service Principal and Authentication Method when connecting Azure Databricks via a Power BI Gateway. Let's break it down:

  1. What is a Service Principal and When to Use it?

A Service Principal is essentially an identity created in Azure Active Directory (AAD) that represents an application or service (like Power BI) rather than a user. It’s commonly used for automated, secure, non-interactive access to Azure resources, including Databricks. So, Yes, you can create a Service Principal in AAD and grant it access to Azure Databricks. This approach is often preferred over personal tokens for governance and security.

Relevant offical doc link : Configure a service principal for Azure Databricks

  1. Which Authentication Method Should You Use with a Service Principal?
  • For Service Principal → Power BI Gateway → Databricks, AAD (Azure Active Directory) authentication is generally the best practice. However, PAT (Personal Access Token) is also valid if you prefer that route but requires token management (renewals).

  1. How to Set Up AAD Authentication with Service Principal (High-Level Steps)
  • Create a Service Principal in Azure AD. Assign it appropriate workspace permissions in Databricks (like Viewer, Editor, Admin, or custom RBAC roles).
  • Enable Service Principal Authentication in your Databricks workspace (if not already enabled). Grant the Service Principal access to the Databricks API (Workspace Admin → Admin Settings → Service Principals).
  • Use "Azure Active Directory" as the authentication method in Power BI Gateway configuration. When prompted for credentials, provide the Service Principal’s details (Client ID, Tenant ID, and Client Secret).

  1. Can a Regular User Use Their Own Token Instead?

Yes, they can.
A Personal Access Token (PAT) can be generated by any Databricks user with the right workspace access. However, for production scenarios and scheduled refreshes via a gateway, it’s generally better to use a Service Principal for better security and control.

I trust this information proves useful. If it does, kindly Accept it as a solution and give it a 'Kudos' to help others locate it easily.
Thank you.

Message 5 of 8
3,218 Views
pricest
New Member
In response to v-ssriganesh

‎03-25-2025 12:01 AM

Hi @v-ssriganesh 

 

I am also trying to connect with a Service Principal but when I click on edit credentials, I am presented with the regular Microsoft login page (https://login.microsoftonline.com/) asking for an email. There isn't a place to enter the details you mentioned: Client ID, Tenant ID, and Client Secret.

 

Is there additional configuration that I am missing in my Tenant / Fabric / Power BI to enable this? Or where am I going wrong?

 

Thanks in advance,

Steve

Message 6 of 8
2,652 Views
0
GilbertQ
Super User
Super User

‎02-10-2025 01:47 PM

Hi @rodneyc8063 

 

What you need to make this work is you need to install and configure is  VNET gateway. Here are details. What is a virtual network (VNet) data gateway | Microsoft Learn





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 8
3,358 Views

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All