I really think it is ideal to use a workspace identity in Microsoft Fabric. This is because not only is it secure by default but not having to manage any client secrets.

It also means that it is then owned by the business, so there are no issues if a user leaves or a user password expires.

In this blog post below, I’m going to show you how to set up a SharePoint folder shortcut using a workspace identity in Microsoft Fabric.

Creating the Workspace Identity

The first step is to create the Workspace Identity.

• I click on Workspace Settings
• Next I click Workspace Identity
• 
• Then I click on the “+ Workspace identity” to create the Workspace Identity.
• Once created I can then see the details as shown below.
• 
• I then made a note of the App ID because I will need this later to grant access to my SharePoint Online Site.

Granting access to SharePoint Site for the Workspace Identity

Next I need to grant access to the SharePoint Site for the Workspace identity I just created. This is to ensure that it can successfully authenticate and connect.

Granting API permissions for Workspace Identity

Now for me to get this working I had to go into Entra ID and grant the API Permissions below for my Workspace Identity.

• I logged into the Azure Portal, clicked on Entra ID, then clicked on App Registrations
• I then searched for my Workspace identity (which I got from when I created it earlier)
  • 
• I then clicked on API permissions
  • 
• I then clicked on Add a permission
  • 
• I then clicked on SharePoint
  • 
• I then clicked on Application permissions
  • 
• I then selected “Sites.Selected”
  • 
  • And clicked on Add permissions
• Once that is added I could see that Admin consent had not been enabled
  • 
• I then clicked on “Grant admin consent for fourmoo.com”
  • 
• I then clicked on Yes to grant the consent.
  • 
• I could then see now the API permissions were applied successfully.
• 

Finding the Site ID for your SharePoint Site

Below is how to get the SharePoint Side ID

• Log into Microsoft Graph
• https://developer.microsoft.com/en-us/graph/graph-explorer
• Then login to your tenant
  • 
• Next find your SharePoint Site URL
  • fourmoo.sharepoint.com and find the site created
    • My example was called Fabric
• Then run the following command
  • https://graph.microsoft.com/v1.0/sites/fourmoo.sharepoint.com:/sites/Fabric
• I then get the response below, and what I am looking for is the GUID after the id name as highlighted below.
• 

Adding the Service Principal Permission to the SharePoint site

Steps below.

• First make sure that I had enabled the following permissions below
  • I clicked on “Modify Permissions”
    • 
  • I then clicked on “Open the permissions panel”
    • 
  • I then searched for Site and gave consent to Site.FullControl.All in order to add the permissions.
    • 
• In Microsoft Graph put in the following:
• 

https://graph.microsoft.com/v1.0/sites/<SITEID>/permissions

• • 1. Make sure it is doing a POST request.
  • 2. The version is v1.0
  • 3. Here I put in my SharePoint Site Id
  • 4. This is the id of my managed entity.
  • NOTE: I set the role to “read” as it only need to read the files in the SharePoint site.
• Once I ran this I got a successful response.
• 

Creating the Shared Connection

Next, I created a Shared Connection, which has got the following advantages:

• The shared connection is owned by the organization.
• I can share the connection with multiple users
• The users do not need to gain access to any credentials
• I go to Mange connections and gateways
  • 
• I then click on New
  • 
• I then complete the connection details below.
  • 

1. I select a “Cloud” connection.

2. I then give the connection a name

3. I then select SharePoint as the connection type.

4. I put in the name of my SharePoint Site

NOTE: This is the same SharePoint site I used earlier in Graph Explorer to get the Site Id.

5. I then select “Workspace identity” from the dropdown menu.

6. I then enable the code-first artifacts for future planning if this is going to be used in Notebooks.

7. I enable the Privacy level.

8. I click on Create to create the Shared Connection.

I can then see it was created successfully

Creating the Shortcut to my SharePoint Site

Finally, I now can create the Shortcut to my SharePoint site.

• I open my lakehouse, click on Files then New Shortcut
  • 
• I then select SharePoint Folder
  • 
• NOTE: What I have noticed when doing this blog post is that sometimes when I get to the connection screen I click on the Existing connection, and I cannot see my newly created Shared Connection.
• To fix this I click on New Connection
  • I put in my Site URL
  • On the drop down for connection, I can then find my Shared Connection
  • 
• I then click Next.
• I then go the option to select which folders I want to see
  • 
• I then clicked on next, I skipped the “Transform your data”
  • 
• On the final screen I reviewed the options and clicked on Create
• 
• I could now see my files and any new files in my SharePoint Folder
• 

As a bonus what I could then do is to use a Fabric Notebook to get the data from the Excel files shortcut and load it into a dataframe to be used for whatever I needed to.

Summary

In this blog post I have shown you how to use a workspace identity to connect to SharePoint files using a shortcut where there is no need for any user-based authentication or managing of passwords. Hope you find this useful if you have any. Questions or comments, please let me know.