Hi, according to your documentation to use the Service Principal authentication the Power bi report should be shared with the Service principal that is the name of the app registered in the Azure Active Directory. Our customers are outside our organization and I'm not able to put the Service principal in the report. Does the app need to be registered under their organization?
Hi @anambedoya ,
To restrict service principal access to specific tenant settings, you can allow access to specific security groups. Alternatively, you can create a dedicated security group for service principals, and exclude it from the desired tenant settings. For steps on how to create a security group and add a service principal, see Create a basic group and add members using Azure Active Directory.
Before using service principals in Power BI, an admin must first enable service principal access in the Power BI admin portal.
In the Power BI Admin portal > Tenant settings, expand Allow service principals to use Power BI APIs, and then click Enabled. To apply permissions to a security group, add the group name to Specific security groups.
In order for your service principal to have the necessary permissions to perform Premium workspace and dataset operations, you must add the service principal as a workspace Member or Admin. Using Workspace access in the Power BI service is described here, but you can also use the Add Group User REST API.
1.In the Power BI service, for a workspace, select More > Workspace access.
2.Search by application name, Add the service principal as an Admin or Member to the workspace.
Refer to :
Use Power BI API with service principal (Preview) | Microsoft Power BI Blog | Microsoft Power BI
Best Regards,
Neeko Tang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @anambedoya ,
To restrict service principal access to specific tenant settings, you can allow access to specific security groups. Alternatively, you can create a dedicated security group for service principals, and exclude it from the desired tenant settings. For steps on how to create a security group and add a service principal, see Create a basic group and add members using Azure Active Directory.
Before using service principals in Power BI, an admin must first enable service principal access in the Power BI admin portal.
In the Power BI Admin portal > Tenant settings, expand Allow service principals to use Power BI APIs, and then click Enabled. To apply permissions to a security group, add the group name to Specific security groups.
In order for your service principal to have the necessary permissions to perform Premium workspace and dataset operations, you must add the service principal as a workspace Member or Admin. Using Workspace access in the Power BI service is described here, but you can also use the Add Group User REST API.
1.In the Power BI service, for a workspace, select More > Workspace access.
2.Search by application name, Add the service principal as an Admin or Member to the workspace.
Refer to :
Use Power BI API with service principal (Preview) | Microsoft Power BI Blog | Microsoft Power BI
Best Regards,
Neeko Tang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @anambedoya ,
If you want to share dashboards or reports to other users , you have to consider Power BI licenses.
- The users who access the shared dashboard must have Pro or PPU licenses .
- Put your dashboards in Premium capacity then free users can access the dashboard.
Use a security group, not a distribution group, to share with a group that includes people with external email addresses. People with external emails in a distribution group can't see the content you share, unless they're Azure Active Directory (Azure AD) B2B guest users.
You can follow these steps to invite external users to become guest users.
(1)Enable access.
Make sure you enable the Invite external users to your organization feature in the Power BI admin portal before inviting guest users.
(2)Planned invites.
In the Azure portal, select Menu button then select Azure Active Directory.
Under Manage, select Users > All users > New guest user.
Scroll down and enter an email address and personal message.
Select Invite.
(3) Ad hoc invites.
To invite an external user at any time, add them to your dashboard or report through the share feature or to your app through the access page. Here's an example of what to do when inviting an external user to use an app.
Refer to :
https://docs.microsoft.com/en-us/power-bi/admin/service-admin-azure-ad-b2b
https://docs.microsoft.com/en-us/power-bi/guidance/whitepaper-azure-b2b-power-bi
Best Regards,
Neeko Tang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Helpful resources
Fabric Community Update - July 2025
Find out what's new and trending in the Fabric community.
Power BI Monthly Update - July 2025
Check out the July 2025 Power BI update to learn about new features.
