Administering Connectivity
As an administrator, you configure connectivity from Power BI Service to Dremio, so that Power BI business users and report creators can run reports published to Power BI Service.
Power BI Service can connect to Dremio directly (Direct Query) or through Power BI Gateway.
For best results, all users of Power BI Desktop should be at the current version. Power BI Gateway should be at the current version, too.
Supported Methods of Authenticating from Power BI Desktop to Dremio
There are three different methods that you can ask users of Power BI Desktop to use when connecting to Dremio:
- Use the username and password for a Microsoft account. As a prerequisite, ensure that your Dremio cluster is configured for authentication with Microsoft Azure Active Directory. For the requirements and steps for enabling this method of authentication, see Configuring Authorization for Microsoft Power BI.
  Note: Users of Power BI Desktop must use their Microsoft credentials if you want them to enable Single Sign-On (SSO) for viewers of their reports.
- Use a username and password for a Dremio account.
Enabling Users to Connect to Dremio by Using Direct Query
If users of Power BI Service want to run reports that were published from Power BI Desktop June 2022 or later, then connections from Power BI Service to Dremio do not have to go through Power BI Gateway. The ability to connect without using Power BI Gateway is called Direct Query.
To enable users to use Direct Query, ensure that these prerequisites are met:
- Your Dremio cluster must accept only encrypted connections on its client port.
- The Dremio host and client port must be public.
- The Dremio host must have a CA-signed certificate.
It is not guaranteed that your CA-signed certificate will be supported by your Power BI Service capacity. If your certificate is not supported, connections to Dremio must go through Power BI Gateway.
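A preflight check for the encryption and certificate prerequisites above, as an added example that is not part of the Dremio documentation: it attempts a verified TLS handshake against the client port and reports whether the chain validates against the local CA store. It assumes the client port speaks TLS from the first byte; the function name and the host and port arguments are illustrative.

```python
import socket
import ssl
import sys


def check_client_port(host, port, timeout=5.0):
    """Classify how host:port answers a verified TLS handshake.

    status is one of:
      trusted        - chain validates against the local CA store, name matches
      untrusted-cert - TLS is spoken, but verification failed (e.g. self-signed)
      not-tls        - something answered, but not with a TLS handshake
      unreachable    - no TCP connection (firewall, wrong host or port)
    """
    result = {"status": "unreachable", "detail": ""}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = str(exc)
        return result

    ctx = ssl.create_default_context()  # certificate and hostname checks on
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            result.update(status="trusted", detail=tls.version(),
                          issuer=cert.get("issuer"),
                          not_after=cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        # Must precede SSLError: this is the self-signed / unknown-CA case.
        result.update(status="untrusted-cert", detail=exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        result.update(status="not-tls", detail=str(exc))
    finally:
        raw.close()
    return result


if __name__ == "__main__":
    # Usage: python check_port.py <public-dremio-host> <client-port>
    print(check_client_port(sys.argv[1], int(sys.argv[2])))
```

A `trusted` result reflects only the CA store of the machine running the check; Power BI Service capacity may still not support the certificate, in which case connections must go through Power BI Gateway.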
Enabling Users of Power BI Service to Connect to Dremio via Power BI Gateway
Users of Power BI must connect to your Dremio cluster through a gateway if the cluster is behind a firewall.
To enable Power BI users to connect to Dremio via Power BI Gateway:
- Log in to your Power BI Service account at https://app.powerbi.com/.
- Click ... next to your profile picture at the top-right corner of the browser and navigate to Settings > Manage gateways.
- Under GATEWAY CLUSTERS, select the gateway you created previously.
- Select the checkbox Allow user's cloud data sources to refresh through this gateway cluster.
- At the top of the page, click Add data sources to use the gateway. This launches the Data Source Settings page.
- Enter a Data Source Name.
- Select the Data Source Type drop-down menu and select Dremio.
- Specify your authentication credentials by using one of these options:
  - If you want to sign in to your Dremio cluster by using the username and password for a Microsoft account, select Microsoft Account in the sidebar. Click Sign in, and then specify the username and password for the account.
    Note: You can use Microsoft authentication only if the administrator for your Dremio organization has enabled it.
  - If you want to sign in to your Dremio cluster with a plain username and password, select Username/Password in the sidebar, specify them, and then click Connect. You have the option of using a personal access token (PAT) instead of your password. To generate a PAT, see Creating a PAT.
- In the Advanced Settings section, set the option Connection Encryption setting for this data source to either of these values:
  - Not Encrypted
  - Encrypted (Recommended)
    Before selecting this value, ensure that these steps have been followed, if you are not using a load balancer for SSL offloading:
    - Generate a certificate from a certificate authority or generate a self-signed certificate.
    - Configure the dremio.conf file according to the "Web Server Encryption" section in "Configuring Wire Encryption", so that Dremio can locate the certificate when you attempt a connection from Power BI Gateway.
- Click Apply.
Enabling Single Sign-On
When Single Sign-On (SSO) is enabled, viewers of reports in Power BI Service run them under their own Power BI Service usernames. They no longer run reports under the Power BI Service usernames of the people who published the reports, or under the username of the person who set up Power BI Gateway (if you are using a gateway between Power BI Service and Dremio).
For example, suppose a user of Power BI Service with the username user1 publishes a report. Another person, who has the Power BI Service username user2, runs that report.
- Without SSO enabled: In Dremio, the username associated with the job that runs the query from the report is user1.
- With SSO enabled: In Dremio, the username associated with the job that runs the query from the report is user2.
By following steps in Azure Active Directory (AAD) and the Power BI Admin portal to enable SSO, you make it easier for yourself to find out in Dremio who exactly is running your reports. Report creators will be able to use Power BI Service to enable SSO on the reports that they publish and have already published.
Before following the steps to enable SSO, ensure that these prerequisites are met:
- Users of Power BI Desktop must be using the November 2022 release or a later release.
- Dremio must be at version 24.0 or later.
- If you are using Power BI Gateway for connections from Power BI Service to Dremio, Power BI Gateway must be the November 2022 release or a later release.
- Your Dremio cluster's client port must be encrypted.
- If Power BI Service connects directly to Dremio (Direct Query), then the client port must be publicly exposed.
- Configure Azure Active Directory for Power BI.
- Log into the Power BI Admin portal.
- Select Tenant settings.
- Toggle on the Enabled switch under Dremio SSO.