cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
274188A
Frequent Visitor

Trouble Adding the service principal as an admin to a workspace

Hi,

 

I'm not a global admin - just a developer with a Power BI Pro license in a Tenant.

 

I'm trying to add a service principle (created via an Azure Registered app) to the upgraded Workspace via BI Service Portal.

 

In the docs it shows an image where they have entered the display name of the registered app (that contains the principle).

 

this is shown like this:

correct.PNG

 

 

When I try this step using my registered app (named 'CCRE Power BI API App') I see the following:  

error.PNG

 

 

Is this because the developer settings are not configured correctly? 

 

 

 

1 ACCEPTED SOLUTION
v-xicai
Community Support
Community Support

Hi @274188A ,

 

Please read the article carefully, pay attention to the steps1 (create a service principal), steps2(create an AAD security group, add the service principal to the security group) ,steps3 (enable service principal in the Developer settings in the Power BI admin portal).  

 

After that, the service principal gets the email address property, then you need to type the name of service principal instead of the name of the registered app.

 

37.png

 

 

 

 

 

 

 

 

 

 

 

There are some limitations you may considerate:

  • Service principal only works with new app workspaces.
  • My Workspace isn't supported when using service principal.
  • Dedicated capacity is required when moving to production.
  • You can't sign into the Power BI portal using service principal.
  • Power BI admin rights are required to enable service principal in developer settings within the Power BI admin portal.
  • You can't install or manage an on-premises data gateway using service principal.
  • Embed for your organization applications are unable to use service principal.
  • Dataflows management is not supported.
  • Service principal currently does not support any admin APIs.

 

Best Regards,

Amy

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

View solution in original post

4 REPLIES 4
v-xicai
Community Support
Community Support

Hi @274188A ,

 

Please read the article carefully, pay attention to the steps1 (create a service principal), steps2(create an AAD security group, add the service principal to the security group) ,steps3 (enable service principal in the Developer settings in the Power BI admin portal).  

 

After that, the service principal gets the email address property, then you need to type the name of service principal instead of the name of the registered app.

 

37.png

 

 

 

 

 

 

 

 

 

 

 

There are some limitations you may considerate:

  • Service principal only works with new app workspaces.
  • My Workspace isn't supported when using service principal.
  • Dedicated capacity is required when moving to production.
  • You can't sign into the Power BI portal using service principal.
  • Power BI admin rights are required to enable service principal in developer settings within the Power BI admin portal.
  • You can't install or manage an on-premises data gateway using service principal.
  • Embed for your organization applications are unable to use service principal.
  • Dataflows management is not supported.
  • Service principal currently does not support any admin APIs.

 

Best Regards,

Amy

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

View solution in original post

You say "After that, the service principal gets the email address property, then you need to type the name of service principal instead of the name of the registered app", but this doesn't happen. The referenced article refers to old PowerShell commands that no longer seem to work (In general, I replaced "Azure" with "Az" and they worked, but with differences). Afterwards, I still can't add the service principal.

I figured it out myself - you can add the service principal via the Workspaces menu on the left, Workspace Access. The service principal and other AD groups will show up if you start typing in this UI. It will not show up via the "Access" action in the admin portal, even though the UI looks nearly identical.

Thanks for posting this. Saved me a lot of frustration. 

 

What is really frustrating and STUPID (are you listening M$) - is that:

 

2 places you can manage permissions behave differently

In order to be able to access the section/area where you can add an SPN requires the user to have a (paid) PowerBI license. So now I have to license myself just so I can manage permissions of my app IDs in AZAD... Words can not describe how monumentally stupid that is. 

Helpful resources

Announcements
Power BI December 2021 Update_carousel 768x460.jpg

Check it Out!

Click here to read more about the December 2021 Updates!

User Group Leader Meeting January 768x460.png

Calling all User Group Leaders!

Don't miss the User Group Leader meetings on January, 24th & 25th, 2022.

Jan 2022 Dev Camp 768x460 copy.png

Power BI Dev Camp- January 27th, 2022

Mark your calendars and join us for our next Power BI Dev Camp!