Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at the 2025 Microsoft Fabric Community Conference. March 31 - April 2, Las Vegas, Nevada. Use code FABINSIDER for $400 discount. Register now

Reply
SyedUmairHasan
New Member

Salesforce Data in Microsoft Fabric with Organizational Account

‎09-27-2024 12:59 PM

Hello,

I am using Dataflow Gen 2 in Microsoft Fabric to ingest data from Salesforce using the Salesforce Objects connector. The connection is made using an Organizational Account (OAuth 2.0). However, I noticed that there's no option to provide authentication details such as client ID, client secret, or environment URL, as I could in Azure Synapse using the SalesforceV2 type.

Here are the points I'm concerned about:

  1. Reauthentication Requirement: Will I need to reauthenticate the connection frequently (e.g., after access tokens expire), and if so, how often? What factors influence the need to reauthenticate?
  2. Cons of Using Organizational Account: What are the potential downsides of using the Organizational Account for this type of connection, especially in a production environment where automation and stability are key?
  3. Workaround for Client Credentials Flow: Is there any way to use a client credentials flow (where I can provide client ID, client secret, and environment URL) to avoid the need for reauthentication, similar to how it's handled in Azure Synapse or Data Factory? If not, what are your recommendations for stable long-term data loading from Salesforce?
Labels:
Message 1 of 3
885 Views
0
2 REPLIES 2
v-cgao-msft
Community Support
Community Support

‎09-30-2024 01:28 AM

Hi @SyedUmairHasan ,

With OAuth 2.0, typically when you authenticate once, you receive an access token which has a limited lifetime, and a refresh token which can be used to get new access tokens without requiring the user to reauthenticate. The frequency of reauthentication depends on the expiration time of the access token, which is typically short-lived (often around 1 hour), and the refresh token, which can last longer but also expires eventually. The Dataflow Gen 2 seem does not provide an interface to manage these tokens directly, you might need to reauthenticate whenever the refresh token expires. However, good OAuth implementations will automatically handle refreshing the access token without needing manual intervention until the refresh token expires (If supported by the server or client).

Cons of Using Organizational Account:
Security: It requires more privileged access than necessary, which goes against the principle of least privilege.
Scalability: If multiple processes or services need to connect, managing multiple Organizational Accounts can become cumbersome.
Stability: If the account used for authentication is locked out, compromised, or its permissions are changed, it can disrupt data flows.

 

It is possible to explore setting up a middleware service to handle authentication and token management and expose an API for Dataflow Gen 2 to call.
Refresh (any) OAuth2 API from PowerBI Online / Dataflows, using Azure Functions | by Thye | Medium

 

Best Regards,
Gao
Community Support Team

 

If there is any post helps, then please consider Accept it as the solution  to help the other members find it more quickly.
If I misunderstand your needs or you still have problems on it, please feel free to let us know. Thanks a lot!

How to get your questions answered quickly --  How to provide sample data in the Power BI Forum

Message 3 of 3
761 Views
0
tharunkumarRTK
Super User
Super User

‎09-28-2024 06:15 AM

@SyedUmairHasan 

 

1. Reauthentication Requirement - It depends on your organisation conditional access policy requirements. Normally, the refresh token expires after 90 days, so you need to re authenticate after 90 days. If this policy is not enabled in your org then you need to re authenticate.

2. Cons of Using Organizational Account:: I would suggest you not use individual accounts for production use cases, you can create a common service account user principal. You and your team can use it for such use it for such scenarios. 

3. Workaround for Client Credentials Flow: I dont think this option is available, you can reach out to microsoft support team and get the answer from them

 

Need a Power BI Consultation? Hire me on Upwork

 

 

 

Connect on LinkedIn

 

 

 








Did I answer your question? Mark my post as a solution!
If I helped you, click on the Thumbs Up to give Kudos.

Proud to be a Super User!
PBI_SuperUser_Rank@2x.png
Message 2 of 3
823 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

FebFBC_Carousel

Fabric Monthly Update - February 2025

Check out the February 2025 Fabric update to learn about new features.

Feb2025 NL Carousel

Fabric Community Update - February 2025

Find out what's new and trending in the Fabric community.

View All