How to Configure Service Principal in Azure
This guide explains step by step how to create a Service Principal (App Registration) in Azure to connect AtlasData to your Power BI.
Why use Service Principal?
Service Principal offers:
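- Permanent access: Isn't tied to a user sign-in, so it doesn't expire like user tokens (the client secret itself lasts until the expiry chosen in Step 3)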
- Security: Credentials separate from personal account
- Auditing: App-specific access logs
- Control: Granular permissions per workspace
Prerequisites
Before starting, you need:
- Administrator access to Azure Active Directory
- Administrator access to Power BI
- Permission to create App Registrations
Step 1: Create the App Registration
- Go to the Azure Portal
- Navigate to Azure Active Directory > App registrations
- Click New registration
- Fill in the fields:
- Name: AtlasData-PowerBI (or your preferred name)
- Supported account types: "Accounts in this organizational directory only"
- Redirect URI: Leave blank
- Click Register
Step 2: Get the Credentials
After creating the app, you'll see the Overview page. Note the following values:
| Field | Where to find | Example |
|---|---|---|
| Tenant ID | Overview > Directory (tenant) ID | 12345678-1234-1234-1234-123456789abc |
| Client ID | Overview > Application (client) ID | 87654321-4321-4321-4321-cba987654321 |
Step 3: Create the Client Secret
- In the sidebar, click Certificates & secrets
- In the Client secrets tab, click New client secret
- Fill in:
- Description: AtlasData Access
- Expires: Choose the duration (recommended: 24 months)
- Click Add
- IMPORTANT: Copy the Value immediately (it only appears once!)
| Field | Where to find |
|---|---|
| Client Secret | Certificates & secrets > Value |
Attention
The Client Secret value is only shown once. If you lose it, you'll need to create a new one.
Step 4: Configure API Permissions
- In the sidebar, click API permissions
- Click Add a permission
- Select Power BI Service
- Choose Delegated permissions and check:
Workspace.Read.All, Report.Read.All, Dataset.Read.All
- Click Add permissions
- Click Grant admin consent for [your organization]
Step 5: Enable Service Principal in Power BI
- Go to the Power BI Admin Portal
- Go to Tenant settings
- Find the Developer settings section
- Enable Allow service principals to use Power BI APIs
- Choose Specific security groups and add your Service Principal's group
Tip
Create a Security Group in Azure AD containing your Service Principal for easier management.
Step 6: Add to Workspaces
For each workspace that AtlasData should access:
- Open the workspace in Power BI
- Click Access (people icon)
- Add the Service Principal as Member or Viewer
- Save the changes
Step 7: Test in AtlasData
- Access AtlasData and go to the connection step
- Choose Service Principal
- Enter the credentials:
- Tenant ID: (copied in Step 2)
- Client ID: (copied in Step 2)
- Client Secret: (copied in Step 3)
- Click Test Connection
- If everything is correct, you'll see the success message
Troubleshooting
Error: "Unauthorized"
- Verify that Admin Consent was granted (Step 4)
- Verify that Service Principal is enabled in Power BI (Step 5)
Error: "No workspaces found"
- Verify that Service Principal was added to the workspaces (Step 6)
- Wait a few minutes for permission propagation
Error: "Invalid client secret"
- The Client Secret may have expired
- Create a new secret and update it in AtlasData
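To separate credential problems from permission problems before entering the values in AtlasData, the following added example (not AtlasData's or Microsoft's code) requests a token with the OAuth2 client-credentials flow, lists workspaces through the Power BI REST API, and names the step to re-check. It assumes AtlasData's Service Principal connection uses that flow; the function names and the mapping from error codes to steps are this example's own.

```python
import json
import re
from urllib import error, parse, request

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
SCOPE = "https://analysis.windows.net/powerbi/api/.default"
GROUPS_URL = "https://api.powerbi.com/v1.0/myorg/groups"

def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials token request as (URL, form body)."""
    if not (GUID.fullmatch(tenant_id) and GUID.fullmatch(client_id)):
        raise ValueError("Tenant ID and Client ID must be GUIDs (Step 2)")
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": SCOPE}
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return url, parse.urlencode(form).encode()

def diagnose(stage, status, body):
    """Map a response to the guide step to re-check (this example's own mapping)."""
    if stage == "token":
        if status == 200 and "access_token" in body:
            return "ok"
        desc = body.get("error_description", "")
        if "AADSTS7000215" in desc:  # invalid secret, e.g. the Secret ID was pasted
            return "Step 3: paste the secret Value, not the Secret ID"
        if "AADSTS7000222" in desc:  # secret is past its expiry date
            return "Step 3: secret expired, create a new one"
        return "Step 2: check Tenant ID and Client ID"
    if status != 200:
        return "Steps 4-5: check consent and tenant setting" if status in (401, 403) else f"HTTP {status}"
    return "ok" if body.get("value") else "Step 6: add the Service Principal to a workspace"

def _call(req):
    try:
        with request.urlopen(req, timeout=15) as resp:
            status, raw = resp.status, resp.read()
    except error.HTTPError as exc:
        status, raw = exc.code, exc.read()
    try:
        return status, json.loads(raw)
    except ValueError:  # empty or non-JSON error body
        return status, {}

def check(tenant_id, client_id, client_secret):
    """Live check (needs network): request a token, then list workspaces."""
    status, body = _call(request.Request(*token_request(tenant_id, client_id, client_secret)))
    if (verdict := diagnose("token", status, body)) != "ok":
        return verdict
    auth = {"Authorization": "Bearer " + body["access_token"]}
    return diagnose("groups", *_call(request.Request(GROUPS_URL, headers=auth)))
```

When calling check(), read the secret from an environment variable or a secret store rather than hard-coding it or passing it on the command line.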