Service Principal

Overview

A Service Principal is an Azure Active Directory (Entra ID) application registration used by Datascaphe Uplink to authenticate against Power BI APIs on behalf of the organization.

Service Principals enable backend token refresh without requiring an end user to be signed in. They are required for scheduled scanner data refresh and can be assigned at the report level or the user level to control which credentials are used for each operation.

The client secret is stored encrypted and is never exposed after it has been saved.

Usage of Service Principals

In Uplink, Service Principals can be set at:

the report level
the user level

Object	Description
Report	All Power BI API calls related to the report will use the Service Principal for authentication.
User	Only calls to the Power BI API initiating from the specified user will use the associated Service Principal. Other users can use their personal token for authentication or the Service Principal associated to the report.

Most of the time, you would associate the Service Principal at the report level. But if you want to have only a subset of your users connect with the Service Principal, then it should be associated to those users.

When a user with a SP gets data for a report with SP, the user SP takes precedence for authentication.

WARNING

When using a Service Principal, at report or user level, you need to have the report in a premium or embedded capacity to comply with Microsoft licensing terms.