Power BI connector : using azure app with service principal


Any chance this topic can be handled ? Today in the desktop you can create a Power BI connector based on azure app but only in delegation mode using a token with expiration date. We don’t use it at all because it’s painful to renew and above all the token is stored in easymorph project which is not valid in our big company in terms of security.

Would it be possible to implement the authentication through an azure app with service principal ? In terms of dev on your side it seems to be step 8 of this link Incorporer du contenu dans votre application d’analytique incorporée Power BI - Power BI | Microsoft Learn => AppOwnsData
Of course the applicationSecret would have to be encrypted like a password.

This missing option in easymorph is really problematic as our users want to report things in power bi but there is no true “continuous” (continuity implies no manual action like renewing token) chain between easymorph and power bi. If you enable such connector, we would just have to share the connector to our users, creating as many service principals as we need for security isolation, and the power bi export action would be used by all.

Thanks !


We’ll investigate this, but at the first glance it does not look like simple integration. We use Microsoft Authentication Library (MSAL) to interact with PowerBI and it looks like MSAL does not support Azure Service Principals, at least out of the box. I may be wrong, though - need to investigate.

When I look at the link I provided, it redirects to a github project you can reuse. It’s using Microsoft.Identity.Client which seems to be in Azure .NET SDK > Active Directory section if I’m not mistaken.

If I follow the documentation of MSAL I see this : Client credential flows · AzureAD/microsoft-authentication-library-for-dotnet Wiki · GitHub
Seems to be managed (see sample “active-directory-dotnetcore-daemon-v2”) :


1 Like