Skip to main content

BI Applications

This topic describes the authentication configuration of the BI applications that provide native connectivity to Dremio Cloud.

Configuring Power BI Authentication

  1. In the Dremio Cloud UI, click the Settings (gear) icon that is towards the bottom of the left sidebar. Click Organization Settings from the menu.
  2. On the Organization Settings page, click BI Applications in the left sidebar.
  3. On the BI Applications page, click the Power BI tab.
  4. Under Power BI, for Enable single sign on for Power BI, check the box.
  5. For Microsoft Entra Tenant ID, enter the tenant ID of your Microsoft Entra ID account.
  6. For User Claim Mapping, specify the key of the user claim that Dremio Cloud must look up in access tokens to find the username of the user attempting to log in. See User Claim Mapping for more information about this field.
  7. Click Save.

Editing the Power BI Authentication Configuration

  1. On the Organization Settings page, click BI Applications in the left sidebar.
  2. On the BI Applications page, click the Power BI tab.
  3. Under Power BI, for Enable single sign on for Power BI, check the box. Uncheck that box to disable the single sign-on service if it is checked.
  4. For Microsoft Entra Tenant ID, enter a tenant ID of your Microsoft Entra ID account.
note

The tenant ID of each Microsoft Entra ID account can only be assigned to a single Dremio Cloud organization.

  1. For User Claim Mapping, specify the key of the user claim that Dremio Cloud must look up to find the username of the user attempting to log in. See User Claim Mapping for more information about this field.

  2. Click Save.

  3. Grant Dremio Cloud access to your Microsoft Entra ID tenant, if access to it was not already granted:

    a. Paste this URL into a web browser, where <tenant-ID> is the tenant ID from step 4:

    URL to use in browser
    https://login.microsoftonline.com/<tenant-ID>/v2.0/adminconsent?client_id=429333a8-1521-4502-9101-6d4f2c1de644&scope=User.Read&redirect_uri=https://app.dremio.cloud/sso

    b. Follow the prompts from Microsoft by signing in with an account that you use to sign into Dremio.

    c. In the prompt titled Need admin approval, click "Have an admin account? Sign in with that account" and sign in with an admin account for your Microsoft Entra ID tenant.

Configuring Tableau Authentication

  1. In the Dremio Cloud UI, click the Settings (gear) icon that is towards the bottom of the left sidebar. Click Organization Settings from the menu.
  2. On the Organization Settings page, click BI Applications in the left sidebar.
  3. On the BI Applications page, click the Tableau tab.
  4. Under Tableau, for Enable single sign on for Tableau, check the box.
  5. For Redirect URIs, enter a comma-separated list of custom URIs for Dremio Cloud to register them as trusted redirect URIs. These URIs are only required for Tableau Server. After the redirect URIs are registered, Dremio Cloud uses these URIs to redirect the user back to the Tableau Server after authentication.

For Tableau Server, specify http://<domain-name or IP address>/auth/add_oauth_token as the Redirect URI. Replace the domain name or the IP address of your Tableau Server deployment in the URI.

caution

Specifying port numbers in a custom URI does not register it as a trusted redirect URI.

For Tableau Desktop, http://localhost/Callback and http://127&#46;0.0.1/Callback are preregistered as the redirect URIs.

For Tableau Cloud, a set of production endpoints and development pods' endpoints are preregistered as the redirect URIs.

  1. Click Save.

Editing the Tableau Authentication Configuration

  1. On the Organization Settings page, click BI Applications in the left sidebar.
  2. On the BI Applications page, click the Tableau tab.
caution

Unchecking the Enable single sign on for Tableau box disables the single sign-on service for users.

  1. For Redirect URIs, add a trusted custom URI to the existing comma-separated list of URIs for Tableau Server.
caution

Specifying port numbers in a custom URI does not register it as a trusted redirect URI.