I have a CSV file that is saved to a document library in SharePoint. I've published my report to the Power BI service and it's refreshing using my credentials. I'm trying to configure the data source so it can be refreshed using a service principal doing the following:
- Created app registration in Entra
- Gave app registration SharePoint Sites.Read.All API permission
- Created a security group in Entra and added app registration to that group. Added security group to SharePoint site as a Member.
However, I get this error:
Failed to update data source credentials: The credentials provided for the Web source are invalid.
Based on other posts, it sounds like this is possibly a bug or just not supported, but I'm just wondering if I missed a step or if there is a better way to do this.
Hi,@RolandPlanet .Thank you for your reply.
Thank you for your reply.
Based on your description and the screenshots provided
Your first attempt is correct and should be used:
Application (client) ID as the service principal ID
In this case, you are getting the following error:
“Failed to update data source credentials: The credentials provided for the Web source are invalid” error
I assume that your web data source redirection URL is not working and suggest you to regenerate it.
According to your error message, you need to check if the following configuration information is correct
Tenant ID:Green Area
Service principal ID:Red area
Service principal key:Pink area
Please double-check that your API permissions and other information configurations are set correctly (correct API permissions need to be configured)
I hope my suggestions give you good ideas, if you have any more questions, please clarify in a follow-up reply.
Best Regards,
Carson Jian,
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Can you please explain what you mean when you said:
I assume that your web data source redirection URL is not working and suggest you to regenerate it.
How do I do that?
I've verified the following configuration:
and I created a new client secret:
Same error:
I've verified API permissions as you suggested:
Hi,@RolandPlanet .I am glad to help you.
Here is my test:
Login to Microsoft Entra admin center
Create app
Configure permissions for the app to generate the key
Take care to save the value and ID of the key
Set the token expiration time correctly
Assign the correct permissions:
New security group, add the user and the created app to it
Log in to the power bi service to set the validation method for the report semantic model with data source sharepoint (select Service principal)
These are the data you need to fill in:
Tenant ID:APP Directory (tenant) ID
Service principal ID: APP Object ID
Service principal key: Your app authentication key value
It is important to note that you need to get the token correctly before you can fill in this information.
Below is the official documentation I've referenced and the issue I've resolved, hopefully this will help you.
URL:
Copy data from SharePoint Online List - Azure Data Factory & Azure Synapse | Microsoft Learn
Solved: Erorr-Credentials provided for Sharepoint source a... - Microsoft Fabric Community
I hope my suggestions give you good ideas, if you have any more questions, please clarify in a follow-up reply.
Best Regards,
Carson Jian,
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Thank you - I followed your steps are am now getting this error:
I've entered:
- Directory (tenant) ID from the app registration for Tenant ID
- Object ID for Service Principal ID
- Client Secret value for principal key
Hi,@RolandPlanet .Thank you for your reply.
You will need to contact your organization's administrator to see if the required permissions are turned on in your organization on the Power BI service
Please make sure that your organization has the necessary permissions turned on.
Also I noticed that your error message is that the corresponding app was not found
You can try the following actions:
App not installed: Make sure the app has been installed by the administrator of the tenant.
User has not given consent: Make sure that the user in the tenant has given consent for the app to be used.
Wrong tenant: Make sure the authentication request you sent is for the correct tenant.
Please check the following points:
Verify that the application is properly registered and installed in Azure AD.
Verify that you are using the correct tenant ID, service principal ID, and client key values.
Confirm that the application has been granted the necessary permissions and that the user has agreed to these permissions.
If none of the above works, you can try to regenerate the client key and try again to see if that solves the problem.
I hope my suggestions give you good ideas, if you have any more questions, please clarify in a follow-up reply.
Best Regards,
Carson Jian,
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
I've verified that these settings are all enabled:
- How can I confirm the app has been installed by the administrator of the tenant?
- How can I make sure that the user in the tenant has given consent for the app to be used?
I have regenerated the client key. I have confirmed that I am able to use the service principal through PowerShell to create Power BI workspaces, so I believe I have the correct tenant ID, client ID, and secret key.
I'm still unable to use Service principal as an authentication method for my semantic model in Power BI.
- When I use Application (client) ID as the service principal ID for data refresh, I get a "Failed to update data source credentials: The credentials provided for the Web source are invalid" error
- When I use Object ID as the service principal ID for data refresh, I get a "Application with identifier '***6d77bb' was not found in the directory 'Contoso'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant" error
Helpful resources
Join our Fabric User Panel
This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.
Power BI Monthly Update - June 2025
Check out the June 2025 Power BI update to learn about new features.
Fabric Community Update - June 2025
Find out what's new and trending in the Fabric community.
