Service Principals - Dataverse, environment and key vault - should they be on one SP?

Hi all, 
 
I've been reading about service principals and for the most part they make sense. I've found some great guides on how to create them (A Visual Guide To Power Platform Service Principal Setup (matthewdevaney.com) and Service Principal in Power Automate | Power Platform Universe) but it's not clear how many you should have and how to divide them up based on the tasks you need them to do.
  • Should the Azure app I create for a Dataverse service principal also have access to the Key Vault? And should I have one of these for each of our environments?
  • What should I be using a service principal for?
    • Dataverse
    • Key vault
    • One article adds the service principal to the environment as a system admin role
  • Who can access and use these service principals? If I use one in a flow for Dataverse and connect it using the service principal, who else can now do the same thing as the connector has now been added to that environment? Will it prompt for the secret when someone goes to use it next time? Same goes if I use a service principal for a key vault.
  • Licensing - I've read conflicting things regarding licensing.
Cheers
  • Verified answer
    Shashank Bhide
    946 Moderator
    • Should the Azure app I create for a Dataverse service principal also have access to the Key Vault? And should I have one of these for each of our environments?
    There is no way to do that. Entra ID apps provide client ID/secrets, which could be stored inside Key Vault, and then other services which need to connect to Dataverse using those client ID/secrets will need access to the key vault. The app itself is a stationary object and doesn't do much beyond providing a middle-party registration.
     
     
    • What should I be using a service principal for?
      • Dataverse (YES)
      • Key vault (NO)
      • One article adds the service principal to the environment as a system admin role (YES)
     
    A service principal (SP) is a non-licensed, non-human "user" of Dynamics which can be assigned a security role, and then, based on the security role, this SP can read data from CRM. The third point mentioned is a common practice: to use this SP user as an integration account.
     
     
    • Who can access and use these service principals? If I use one in a flow for Dataverse and connect it using the service principal, who else can now do the same thing as the connector has now been added to that environment? Will it prompt for the secret when someone goes to use it next time? Same goes if I use a service principal for a key vault.
     
    Anyone with access to the clientID/clientSecret provided by AAD during app registration can use this, so it needs to be properly secured.
     
    • Licensing - I've read conflicting things regarding licensing.
    Service principals don't need a separate license, and also provide far better API connectivity than a licensed user; their sole purpose is to act as an integration user (non-human).
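
An added example, not part of the original thread or the answerer's own code: the client-credentials request a service sends to Entra ID to act as the service principal against Dataverse, built with Python's standard library. It shows why the answer says the client ID and secret must be secured, since the request contains nothing else. The function names and environment variable names are assumptions, and the secret is assumed to have been read from Key Vault by the calling service.

```python
import json
import os
import urllib.parse
import urllib.request


def build_token_request(tenant_id, client_id, client_secret, dataverse_url):
    """Client-credentials token request for one Dataverse environment.

    Nothing here identifies a person: no username, no MFA, no prompt.
    The client ID and secret are the entire credential.
    """
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # The resource is the environment URL. What the token may do there
        # is decided by the security role on the application user.
        "scope": dataverse_url.rstrip("/") + "/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=form, method="POST")


def get_token(tenant_id, client_id, client_secret, dataverse_url):
    """Send the request and return the bearer token (needs network access)."""
    req = build_token_request(tenant_id, client_id, client_secret, dataverse_url)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def build_whoami_request(dataverse_url, token):
    """Web API call that returns the application user the token maps to."""
    url = dataverse_url.rstrip("/") + "/api/data/v9.2/WhoAmI"
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)


if __name__ == "__main__":
    # Hypothetical variable names. The hosting service is assumed to have
    # read the secret from Key Vault; it is never hard-coded or logged.
    env = os.environ
    token = get_token(env["TENANT_ID"], env["CLIENT_ID"],
                      env["CLIENT_SECRET"], env["DATAVERSE_URL"])
    with urllib.request.urlopen(build_whoami_request(env["DATAVERSE_URL"], token)) as r:
        print(json.load(r)["UserId"])
```

Because the token's scope is a single environment URL, the same app registration only works in environments where it has been added as an application user with a security role.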
