Set up service principal access
Follow these steps once to enable service principal authentication for users in your organization. To use interactive authentication only, skip to Authenticate to Microsoft Fabric.
Before you start
You need:
- An Azure account with permission to register applications
- Admin access to a Microsoft Fabric workspace
1. Register KNIME in Azure
To register an application in Azure, see Prepare your services for use with KNIME Secrets or the Azure quickstart guide. The application requires no granted permissions.
Keep the Azure app ID and secret value — you need them later.
2. Grant access in Fabric
Grant the registered application access to your Fabric workspace so it can call Fabric APIs.
- Go to the Fabric Admin Portal and enable Service principals can use Fabric APIs.
- In a Fabric workspace, click Manage Access and add your service principal (by name or client ID) as a Contributor.
This is required — see the Fabric documentation for details.
3. Create a secret on KNIME Hub
A KNIME Hub secret lets you authenticate to Microsoft Fabric without exposing credentials directly. It can be a personal, team, or admin secret.
In KNIME Hub, go to your secret store and create a new secret. Configure the following settings:
- Type of secret: Microsoft
- Authentication type: Application/Service principal
- Name: a descriptive name for this secret
- Domain configuration: your Azure tenant ID (e.g. faa16e7e-a95d-4117-b2c7-06ffc6e68acb) or domain name (e.g. contoso.onmicrosoft.com)
- Client ID: the application ID of the registered Azure app
- Client/App Secret: the secret value of the registered Azure app
- Scope type: Standard > PowerBI
KNIME Hub 1.18
As of KNIME Hub 1.18, you can only use a KNIME Hub secret to work with Microsoft Fabric Data Warehouses via the Microsoft Fabric Data Warehouse Connector node and the KNIME Database framework. The Microsoft OneLake Connector requires the Microsoft Authenticator node.
For details on creating and managing secrets, see the Business Hub Secrets Guide.
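To check the values from steps 1 to 3 before storing them in the secret, the following added example (not KNIME or Microsoft code) builds the client credentials token request these settings imply and inspects the claims of the returned token. The PowerBI resource URI and its mapping to the "Standard > PowerBI" scope type, the function names, and the sample token are assumptions made for this example.

```python
import base64, json, time, urllib.parse, urllib.request

# Assumption: the "Standard > PowerBI" scope type maps to this resource.
POWERBI_RESOURCE = "https://analysis.windows.net/powerbi/api"

def build_token_request(tenant, client_id, client_secret):
    """Return (url, form_body) for the OAuth 2.0 client credentials grant."""
    url = f"https://login.microsoftonline.com/{urllib.parse.quote(tenant)}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": POWERBI_RESOURCE + "/.default",
    })
    return url, body

def fetch_token(tenant, client_id, client_secret):
    """Send the request (needs network access and real credentials)."""
    url, body = build_token_request(tenant, client_id, client_secret)
    req = urllib.request.Request(url, data=body.encode())  # data present, so POST
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, tenant_id, client_id, now=None):
    """Return a list of problems; an empty list means the token matches the settings."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append("tenant mismatch")
    if client_id not in (claims.get("appid"), claims.get("azp")):
        problems.append("client ID mismatch")
    if str(claims.get("aud", "")).rstrip("/") != POWERBI_RESOURCE:
        problems.append("unexpected audience")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def constructed_token(claims):
    """Build an unsigned sample token for offline checks (constructed, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

Pass the tenant GUID to check_claims: the tid claim is a GUID even when the secret's domain configuration uses a domain name.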