Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
db042190
Post Prodigy
Post Prodigy

using a non expiring id without giving pswd away

‎05-06-2025 07:41 AM

hi , i'd like the best of both worlds where we move toward using non expiring ids / tenants in our pbi service connections without giving away the pswd to the myriad of folks who publish their own pbi reports and dashboards.   Is this possible?  should such an id be an admin for this to work.   will admins like me need to know the pswd in order to use this ids creds upon request from our users?   will it be necessary for any reason for us to run our browser->service logged in as this user ?

Labels:
Message 1 of 8
422 Views
0
2 ACCEPTED SOLUTIONS
Akash_Varuna
Community Champion
Community Champion

‎05-06-2025 10:07 PM

Hi @db042190 Yes, it is possible to use non-expiring IDs like service principals or managed identities for Power BI service connections without sharing passwords. Admins don't need to know the password, and no browser login is required. These identities can be securely set up through Azure Active Directory. They are ideal for automating tasks and managing permissions in Power BI.
If this post helped please do give a kudos and accept this as a solution
Thanks In Advance

View solution in original post

Message 2 of 8
362 Views
v-sgandrathi
Community Support
Community Support

‎05-06-2025 10:40 PM

Hi @db042190,

 

Yes. By using a Service Principal with a client secret or certificate, you can securely connect to datasets or data sources without involving user passwords. The credentials are stored centrally in the data gateway or dataset settings, and report publishers only need access to the Power BI workspaces, they do not handle or need to know these credentials.

No, not necessarily. A Service Principal doesn’t need to be a Power BI Admin unless it must manage tenant-wide settings. It simply requires access to the relevant workspaces and datasets, and the Power BI Admin Portal must have tenant settings enabled to allow Service Principal access.

No. Admins do not need to know or share passwords. The Service Principal is configured with a client secret or certificate, stored securely in places like Azure Key Vault or the Power BI Gateway, with centralized access management—so credentials never need to be exposed or shared.

No. Service Principals are non-interactive identities that authenticate via APIs, not browser logins, so there is no need to sign into Power BI Service using this identity for routine tasks or report publishing.

 

This solution addresses your concerns regarding the secure management of non-expiring identities for Power BI connections without compromising credentials, allowing for efficient access and data management.

 

If this post was helpful, please consider marking Accept as solution and give us Kudos to assist other members in finding it more easily.

If you continue to face issues, feel free to reach out to us for further assistance!

 

Thank you.

View solution in original post

Message 3 of 8
354 Views
7 REPLIES 7
db042190
Post Prodigy
Post Prodigy

‎05-07-2025 05:28 AM

thx v_sgandrathri and akash_varuna.   i think i understand.   so can our users assign (in ds settings) this service principal as the account/cred to use after they publish?   and keep us admins out of the conversation?    also does it matter that across our company we are limited to pro licenses?

Message 4 of 8
329 Views
0
v-sgandrathi
Community Support
Community Support
In response to db042190

‎05-07-2025 10:02 AM

Hi @db042190,
In response to your questions, here's the clarification:
Users cannot directly assign a service principal to datasets after publishing, admins must first configure the service principal in the data gateway or through automated deployment methods. Once set up, users can publish reports that use the pre-configured credentials without needing to know or handle them. Admins do not need the service principal's password, as it authenticates via a secret or certificate stored securely. 

This setup works best in Power BI Premium; with only Pro licenses, service principal access is still possible but limited in scalability and some advanced features.

If this post was helpful, please consider marking Accept as solution and give us Kudos to assist other members in finding it more easily.

If you continue to face issues, feel free to reach out to us for further assistance!

Thank you.

Message 5 of 8
312 Views
0
v-sgandrathi
Community Support
Community Support
In response to v-sgandrathi

‎05-12-2025 02:53 AM

Hi @db042190,

 

May I ask if you have gotten this issue resolved?

If it is solved, please mark the helpful reply or share your solution and accept it as solution, it will be helpful for other members of the community who have similar problems as yours to solve it faster.

 

Thank you.

Message 6 of 8
249 Views
0
v-sgandrathi
Community Support
Community Support
In response to v-sgandrathi

‎05-15-2025 05:29 AM

Hi @db042190,

 

I wanted to check in your situation regarding the issue. Have you resolved it? If you have, please consider marking the reply as Accepted solution and give Kudos that helped you. It would be greatly appreciated by others in the community who may have the same question.

 

Thank you.

Message 7 of 8
216 Views
0
v-sgandrathi
Community Support
Community Support
In response to v-sgandrathi

‎05-18-2025 04:15 AM

Hi @db042190,

 

As we did not get a response, may I know if the above reply could clarify your issue, or could you please help confirm if we may help you with anything else?

 

And if the provided information meets your requirements, you can Accept the solution and also give Kudos on that reply. It helps other users who are searching for this same information and find the information.

 

Your understanding and patience will be appreciated.

Message 8 of 8
183 Views
0
v-sgandrathi
Community Support
Community Support

‎05-06-2025 10:40 PM

Hi @db042190,

 

Yes. By using a Service Principal with a client secret or certificate, you can securely connect to datasets or data sources without involving user passwords. The credentials are stored centrally in the data gateway or dataset settings, and report publishers only need access to the Power BI workspaces, they do not handle or need to know these credentials.

No, not necessarily. A Service Principal doesn’t need to be a Power BI Admin unless it must manage tenant-wide settings. It simply requires access to the relevant workspaces and datasets, and the Power BI Admin Portal must have tenant settings enabled to allow Service Principal access.

No. Admins do not need to know or share passwords. The Service Principal is configured with a client secret or certificate, stored securely in places like Azure Key Vault or the Power BI Gateway, with centralized access management—so credentials never need to be exposed or shared.

No. Service Principals are non-interactive identities that authenticate via APIs, not browser logins, so there is no need to sign into Power BI Service using this identity for routine tasks or report publishing.

 

This solution addresses your concerns regarding the secure management of non-expiring identities for Power BI connections without compromising credentials, allowing for efficient access and data management.

 

If this post was helpful, please consider marking Accept as solution and give us Kudos to assist other members in finding it more easily.

If you continue to face issues, feel free to reach out to us for further assistance!

 

Thank you.

Message 3 of 8
355 Views
Akash_Varuna
Community Champion
Community Champion

‎05-06-2025 10:07 PM

Hi @db042190 Yes, it is possible to use non-expiring IDs like service principals or managed identities for Power BI service connections without sharing passwords. Admins don't need to know the password, and no browser login is required. These identities can be securely set up through Azure Active Directory. They are ideal for automating tasks and managing permissions in Power BI.
If this post helped please do give a kudos and accept this as a solution
Thanks In Advance

Message 2 of 8
363 Views

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All