This guide is based on https://learn.microsoft.com/en-us/azure/databricks/admin/users-groups/service-principals
Short version
- Register a new application
- Add a credential
- Write down client Id, tenant Id, secret and object id
Register a new application
Navigate to the overview and write down the following Id:s
- Application (client) ID
- Directory (tenant) ID
- Object id
Create the secret
Navigate to Certifices & Secrets => Client Secrets click New Client Secret
Choose a name and expire date then copy the value
Test the application / credentials
Please see examples in TS API Authentication
Troubleshooting
When acquiring the token you might get an error “AADSTS501051 _invalid_client: AADSTS501051: Application \<application name\> isn't assigned to a role for the \<web API\>”. This happens in case you have chosen to limit access to Treasury Systems SaaS under “Enterprise Applications” in Entra.
If this happens you need to either remove assignment required or explicitly grant the registered application access to Treasury Systems SaaS.
The later cannot requires scripting since it is not, at the time of writing, available in the UI. [DS4] For instructions see https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=aad-powershell
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article