Creating an Azure AD Application with Service Principal

Azure Analysis Services supports Service Principal-based authentication, which is role-based. If you wish to use a Service Principal to authenticate to Azure Analysis Services you must create a custom Azure AD application as described here.

To use Azure Service Principal authentication, you must set up the ability to assign a role to the authentication application, then register an application with the Azure AD tenant to create a new Service Principal. That new Service Principal can then leverage the assigned role-based access control to access resources in your subscription.

Authenticating with an Azure Service Principal

In https://portal.azure.com:

1. In the left-hand navigation pane, select Azure Active Directory > App registrations.
2. Click New registration.
3. Enter a name for the application.
4. Select the desired tenant setup. Since this custom application is for Azure Service Principal, choose Any Microsoft Entra ID tenant - Multi Tenant.
5. To register the new application, click Register. An application management screen displays.
   Note the value in Application (client) ID as the OAuthClientId and the Directory (tenant) ID as the AzureTenant.
6. Navigate to Certificates & Secrets and define the application authentication type. There are two types of authentication available: certificate (recommended) or client secret.
   • For creating a new client secret: In Certificates & Secrets, select New Client Secret for the application and specify its duration. After the client secret is saved, Azure Analysis Services displays the key value. This value is displayed only once, so record it for future use. (This value becomes the OAuthClientSecret.)

7. Navigate to the Authentication tab and select the Access tokens option.
8. Save your changes.