This guide is based on https://learn.microsoft.com/en-us/azure/databricks/admin/users-groups/service-principals
Note - This is something your IT department sets up
Short version
- Register a new application
- Add a credential
- Write down client Id, tenant Id, secret and object id
Register a new application
Navigate to the overview and write down the following Id:s
- Application (client) ID
- Directory (tenant) ID
- Object id
Create the secret
Navigate to Certifices & Secrets => Client Secrets click New Client Secret
Choose a name and expire date then copy the value
Test the application / credentials
Please see examples in TS API Authentication
Troubleshooting
When acquiring the token you might get an error “AADSTS501051 _invalid_client: AADSTS501051: Application \<application name\> isn't assigned to a role for the \<web API\>”. This happens in case you have chosen to limit access to Treasury Systems SaaS under “Enterprise Applications” in Entra.
If this happens you need to either remove assignment required or explicitly grant the registered application access to Treasury Systems SaaS.
The later requires scripting since it is not, at the time of writing, available in the UI. [DS4] For instructions see https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=aad-powershell
Here is a powershell script for granting access. Replace <YOUR APP DISPLAYNAME> with your chosen name, 'TS API App' in the example above.
# "Get the 'Treasury Systems SaaS' Application"
$tsSaas = Get-AzADServicePrincipal -Filter "displayName eq 'Treasury Systems SaaS'"
# Get the service principal to grant access to"
$myApiClient = Get-AzADServicePrincipal -Filter "displayName eq '<YOUR APP DISPLAYNAME>'"
# show client info
$myApiClient | ft AppDisplayName, Id, AppId
echo "Granting Application '$($myApiClient.AppDisplayName)' access to '$($tsSaas.AppDisplayName)'"
New-AzADServicePrincipalAppRoleAssignment -ResourceId $tsSaas.Id -ServicePrincipalId $myApiClient.Id -AppRoleId 00000000-0000-0000-0000-000000000000
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article