Solved: Service Principal authentication method not workin...

amitpatra · ‎04-18-2025

Hello,

I am trying to setup Service Principal authentication method for the data source credentials in dataset refresh. But, I am getting error - login failed. The Service Principal/App has all the roles assigned in Azure AAD and has access to the database.

Please check the screenshot attached.

Any idea if I am missing anything ? One more query, if I change the data source credentials to Service Principal, will it get refreshed always through Service Principal ID even if my indiavidal ID is deleted ?

Thanks.

Akash_Varuna · ‎04-18-2025

Hi @amitpatra It might be because the Service Principal lacks proper permissions on the dataset or gateway. Ensure it has tenant-wide API access enabled, workspace access as a Contributor or Member, and proper database or gateway permissions. Once set, the dataset will refresh using the Service Principal even if your ID is deleted.

View solution in original post

v-pnaroju-msft · ‎04-20-2025

Thank you, @Akash_Varuna, for your response.

Hi @amitpatra,

We appreciate your inquiry through the Microsoft Fabric Community Forum.

Based on my understanding, the error "Login failed for user '<token-identified principal>'" indicates that the Service Principal lacks one or more required permissions or configurations.

Please follow the steps below which may help to resolve the issue:

Ensure that the Service Principal is granted access at the database level. Additionally, confirm that the Azure SQL Server has an Azure AD admin set.
Make sure the following options are enabled in the Power BI Admin Portal. Allow service principals to use Power BI APIs and Allow service principals to access datasets.
Assign the Service Principal as a Member or Contributor role in the workspace, either directly or via an Azure AD group.
Add the Service Principal under the Gateway (for on-premises data source) > Users. Ensure it has access to the related data source.
Once configured, all dataset refreshes will run via the Service Principal, even if your personal account is removed, as long as the credentials remain valid and permissions are not revoked.

If you find our response helpful, kindly mark it as the accepted solution and provide kudos. This will assist other community members who may be facing similar queries.

Thank you.

View solution in original post

v-pnaroju-msft · ‎05-01-2025

Hi amitpatra,

We are following up to see if your query has been resolved. Should you have identified a solution, we kindly request you to share it with the community to assist others facing similar issues.

If our response was helpful, please mark it as the accepted solution and provide kudos, as this helps the broader community.

Thank you.

v-pnaroju-msft · ‎04-27-2025

Hi amitpatra,

We wanted to check in regarding your query, as we have not heard back from you. If you have resolved the issue, sharing the solution with the community would be greatly appreciated and could help others encountering similar challenges.

If you found our response useful, kindly mark it as the accepted solution and provide kudos to guide other members.

Thank you.

v-pnaroju-msft · ‎04-24-2025

Hi amitpatra,

We have not received a response from you regarding the query and were following up to check if you have found a resolution. If you have identified a solution, we kindly request you to share it with the community, as it may be helpful to others facing a similar issue.

If you find the response helpful, please mark it as the accepted solution and provide kudos, as this will help other members with similar queries.

Thank you.

v-pnaroju-msft · ‎04-20-2025

Thank you, @Akash_Varuna, for your response.

Hi @amitpatra,

We appreciate your inquiry through the Microsoft Fabric Community Forum.

Based on my understanding, the error "Login failed for user '<token-identified principal>'" indicates that the Service Principal lacks one or more required permissions or configurations.

Please follow the steps below which may help to resolve the issue:

Ensure that the Service Principal is granted access at the database level. Additionally, confirm that the Azure SQL Server has an Azure AD admin set.
Make sure the following options are enabled in the Power BI Admin Portal. Allow service principals to use Power BI APIs and Allow service principals to access datasets.
Assign the Service Principal as a Member or Contributor role in the workspace, either directly or via an Azure AD group.
Add the Service Principal under the Gateway (for on-premises data source) > Users. Ensure it has access to the related data source.
Once configured, all dataset refreshes will run via the Service Principal, even if your personal account is removed, as long as the credentials remain valid and permissions are not revoked.

If you find our response helpful, kindly mark it as the accepted solution and provide kudos. This will assist other community members who may be facing similar queries.

Thank you.

Akash_Varuna · ‎04-18-2025

Hi @amitpatra It might be because the Service Principal lacks proper permissions on the dataset or gateway. Ensure it has tenant-wide API access enabled, workspace access as a Contributor or Member, and proper database or gateway permissions. Once set, the dataset will refresh using the Service Principal even if your ID is deleted.

Service Principal authentication method not working in PBI dataset refresh

Helpful resources

Power BI Monthly Update - August 2025

Fabric Community Update - August 2025

Huge last-minute discounts for FabCon Vienna from September 15-18, 2025

Service Principal authentication method not working in PBI dataset refresh

Helpful resources

Power BI Monthly Update - August 2025

Fabric Community Update - August 2025