On this page

    BI Applications Authentication Configuration

    This topic describes the authentication configuration of the BI applications that provide native connectivity to Dremio Cloud.

    Configuring Power BI Authentication

    1. In the Dremio Cloud UI, click the Settings (gear) icon that is towards the bottom of the left sidebar. Click Organization Settings from the menu.
    2. On the Organization Settings page, click BI Applications in the left sidebar.
    3. On the BI Applications page, click the Power BI tab.
    4. Under Power BI, for Enable single sign on for Power BI, check the box.
    5. For Azure Active Directory Tenant ID, enter the tenant ID of your Azure AD account.
    6. For User Claim Mapping, specify the key of the user claim that Dremio Cloud must look up in access tokens to find the username of the user attempting to log in. See User Claim Mapping for more information about this field.
    7. Click Save.

    Editing the Power BI Authentication Configuration

    1. On the Organization Settings page, click BI Applications in the left sidebar.

    2. On the BI Applications page, click the Power BI tab.

    3. Under Power BI, for Enable single sign on for Power BI, check the box. Uncheck that box to disable the single sign-on service if it is checked.

    4. For Azure Active Directory Tenant ID, enter a tenant ID of your Azure AD account.

    5. For User Claim Mapping, specify the key of the user claim that Dremio Cloud must look up to find the username of the user attempting to log in. See User Claim Mapping for more information about this field.

    6. Click Save.

    7. Grant Dremio Cloud access to your AAD tenant, if access to it was not already granted:

      a. Paste this URL into a web browser, where <tenant-ID> is the tenant ID from step 4:

      URL to use in browser
      https://login.microsoftonline.com/<tenant-ID>/v2.0/adminconsent?client_id=429333a8-1521-4502-9101-6d4f2c1de644&scope=User.Read&redirect_uri=https://app.dremio.cloud/sso
      

      b. Follow the prompts from Microsoft by signing in with an account that you use to sign into Dremio.

      c. In the prompt titled Need admin approval, click “Have an admin account? Sign in with that account” and sign in with an admin account for your AAD tenant.

    Configuring Tableau Authentication

    1. In the Dremio Cloud UI, click the Settings (gear) icon that is towards the bottom of the left sidebar. Click Organization Settings from the menu.

    2. On the Organization Settings page, click BI Applications in the left sidebar.

    3. On the BI Applications page, click the Tableau tab.

    4. Under Tableau, for Enable single sign on for Tableau, check the box.

    5. For Redirect URIs, enter a comma-separated list of custom URIs for Dremio Cloud to register them as trusted redirect URIs. These URIs are only required for Tableau Server. After the redirect URIs are registered, Dremio Cloud uses these URIs to redirect the user back to the Tableau Server after authentication.

      For Tableau Server, specify http://<domain-name or IP address>/auth/add_oauth_token as the Redirect URI. Replace the domain name or the IP address of your Tableau Server deployment in the URI.

    warning:

    Specifying port numbers in a custom URI does not register it as a trusted redirect URI.

    For Tableau Desktop, http://localhost/Callback and http://127.0.0.1/Callback are preregistered as the redirect URIs.

    For Tableau Online, a set of production endpoints and development pods' endpoints are preregistered as the redirect URIs.

    1. Click Save.

    Editing the Tableau Authentication Configuration

    1. On the Organization Settings page, click BI Applications in the left sidebar.
    2. On the BI Applications page, click the Tableau tab.

    warning:

    Unchecking the Enable single sign on for Tableau box disables the single sign-on service for users.

    1. For Redirect URIs, add a trusted custom URI to the existing comma-separated list of URIs for Tableau Server.

    warning:

    Specifying port numbers in a custom URI does not register it as a trusted redirect URI.