Versions Compared

Old Version 6

changes.mady.by.user COLOMBANI-ext, Theo

Saved on

compared with

New Version Current

changes.mady.by.user COLOMBANI-ext, Theo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Version

Date

Description

Contributor

V0.1

 

Initial document

COLOMBANI Théo

V0.2

 

Added to the wiki

COLOMBANI Théo

V0.3

 

Added Shortcut specific guidelines (section 4)
Added authentification part to be set up (section 5)		COLOMBANI Théo





Table of Contents
maxLevel3

...

This guide focuses on the two recommended enterprise patterns:

  • Workspace

    • Identity

  • identity : To use workspace identity authentication for OneDrive or SharePoint shortcuts, you need to grant your workspace identity access to the OneDrive or SharePoint site. 

  • Service Principal :To use service principal authentication, register an application in Microsoft Entra ID and create a client secret. Then, grant the service principal access to your SharePoint site using Microsoft Graph. The service principal needs at least read permission on the SharePoint site

    • Service Principal

...

2. Summary — Workspace Identity vs Service Principal


Info

Create a OneDrive or SharePoint shortcut

Fabric SharePoint Shortcut - potentials issues


CriteriaWorkspace IdentityService Principal
DefinitionFabric-managed identity (auto-created service principal)Entra ID application identity
Credential managementFully managed (no secrets)Requires secret or certificate
Setup complexityLowMedium
Governance controlLimited to Fabric scopeFull control via Entra ID
SharePoint authorizationRequires explicit site accessRequires explicit site access
Security riskLow (no credential exposure)Medium (secret lifecycle)
Cross-platform usageLimitedStrong (usable across services)
LifecycleTied to workspaceIndependent lifecycle
Recommended usageSimplicity / low opsEnterprise governance / control

...

3.2 Configuration Steps (Shortcut context)

Info
  1. Create a Workspace Identity in Fabric
    • Workspace settings → Workspace Identity
    • Requires admin role
  2. Retrieve the identity in Entra ID
    • Same name as workspace
    • Copy Application ID
  3. Grant access to SharePoint site
    • Add the identity to the site permissions
    • Minimum: read access
  4. Create the Shortcut
    • Select Workspace Identity as authentication method

...

4.2 Configuration Steps (Shortcut context)

Info

Securely connect Microsoft Fabric to SharePoint

  1. Create an App Registration in Entra ID
    • Generate:
      • Client ID
      • Client Secret or Certificate
  2. Assign API permissions
    • SharePoint / Graph permissions
    • Prefer Sites.Selected
  3. Grant access to SharePoint site
    • Explicitly authorize the Service Principal
    • Required in addition to API permissions
  4. Configure authentication in Fabric
    • Select Service Principal in Shortcut
    • Provide credentials

...