    BI Applications Authentication Configuration

    This topic describes the authentication configuration of the BI applications that provide native connectivity to Dremio Cloud.

    Configuring Power BI Authentication

    To identify the Azure application housing user information for Power BI users, Dremio needs the Azure tenant ID.

    Perform the following steps to configure the Power BI authentication:

    1. In the Dremio Cloud UI, click the Settings (gear) icon that is towards the bottom of the left sidebar. Click Organization Settings from the menu.

    2. On the Organization Settings page, click BI Applications in the left sidebar.

    3. On the BI Applications page, click the Power BI tab.

    4. Under Power BI, for Enable single sign on for Power BI, check the box.

    5. For Azure Active Directory Tenant ID, enter the tenant ID of your Azure AD account.

    6. For User Claim Mapping, enter the name of the claim in the Azure AD token that maps to the Dremio username. The user claim is described here.

    7. Click Save.

    8. Grant Dremio Cloud access to your AAD tenant, if access to it was not already granted:

      a. Paste this URL into a web browser, where <tenant-ID> is the tenant ID from step 5:

      https://login.microsoftonline.com/<tenant-ID>/v2.0/adminconsent?client_id=429333a8-1521-4502-9101-6d4f2c1de644&scope=User.Read&redirect_uri=https://app.dremio.cloud/sso
      

      b. Follow the prompts from Microsoft by signing in with an account that you use to sign in to Dremio.

      c. In the prompt titled Need admin approval, click “Have an admin account? Sign in with that account” and sign in with an admin account for your AAD tenant.

    Editing the Power BI Authentication Configuration

    Perform the following steps to edit the authentication configuration for Power BI:

    1. On the Organization Settings page, click BI Applications in the left sidebar.

    2. On the BI Applications page, click the Power BI tab.

    3. Under Power BI, for Enable single sign on for Power BI, check the box to enable single sign-on. If the box is already checked, uncheck it to disable the single sign-on service.

    4. For Azure Active Directory Tenant ID, enter a tenant ID of your Azure AD account.

    5. For User Claim Mapping, enter the name of the claim in the AAD token that maps to the Dremio username. The user claim is described here.

    6. Click Save.

    7. Grant Dremio Cloud access to your AAD tenant, if access to it was not already granted:

      a. Paste this URL into a web browser, where <tenant-ID> is the tenant ID from step 4:

      https://login.microsoftonline.com/<tenant-ID>/v2.0/adminconsent?client_id=429333a8-1521-4502-9101-6d4f2c1de644&scope=User.Read&redirect_uri=https://app.dremio.cloud/sso
      

      b. Follow the prompts from Microsoft by signing in with an account that you use to sign in to Dremio.

      c. In the prompt titled Need admin approval, click “Have an admin account? Sign in with that account” and sign in with an admin account for your AAD tenant.
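Before an administrator approves the consent prompt in the Grant Dremio Cloud access step (in either the configuring or the editing procedure above), the URL about to be opened can be compared against the values this page documents. The Python check below is an added example, not Dremio's code; `SAMPLE_TENANT` is a constructed placeholder and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Values copied from the admin-consent URL shown on this page.
EXPECTED_HOST = "login.microsoftonline.com"
EXPECTED_QUERY = {
    "client_id": "429333a8-1521-4502-9101-6d4f2c1de644",
    "scope": "User.Read",
    "redirect_uri": "https://app.dremio.cloud/sso",
}
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed placeholder, not a real tenant.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"


def consent_url(tenant_id):
    """Fill the page's URL template with a tenant ID."""
    query = "&".join("%s=%s" % item for item in EXPECTED_QUERY.items())
    return "https://%s/%s/v2.0/adminconsent?%s" % (EXPECTED_HOST, tenant_id, query)


def check_consent_url(url, tenant_id):
    """Return a list of mismatches between url and the documented consent URL."""
    if not GUID.fullmatch(tenant_id):
        return ["tenant ID is not a GUID"]
    problems = []
    parts = urlsplit(url)
    # Exact netloc comparison also rejects userinfo or port tricks in the host part.
    if parts.scheme != "https" or parts.netloc != EXPECTED_HOST:
        problems.append("not an https URL on " + EXPECTED_HOST)
    if parts.path.lower() != ("/%s/v2.0/adminconsent" % tenant_id).lower():
        problems.append("path does not target this tenant's adminconsent endpoint")
    query = parse_qs(parts.query, keep_blank_values=True)
    for name, expected in EXPECTED_QUERY.items():
        # A repeated parameter yields a longer list and is flagged as well.
        if query.get(name) != [expected]:
            problems.append("%s is not %s" % (name, expected))
    extra = sorted(set(query) - set(EXPECTED_QUERY))
    if extra:
        problems.append("unexpected parameters: " + ", ".join(extra))
    return problems


if __name__ == "__main__":
    print(check_consent_url(consent_url(SAMPLE_TENANT), SAMPLE_TENANT) or "ok")
```

An empty list means the URL requests only the `User.Read` scope for the documented client ID and returns to `https://app.dremio.cloud/sso`.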

    Configuring Tableau Authentication

    Tableau users can connect to Dremio Cloud using the single sign-on service.

    Perform the following steps to configure authentication for Tableau:

    1. In the Dremio Cloud UI, click the Settings (gear) icon that is towards the bottom of the left sidebar. Click Organization Settings from the menu.

    2. On the Organization Settings page, click BI Applications in the left sidebar.

    3. On the BI Applications page, click the Tableau tab.

    4. Under Tableau, for Enable single sign on for Tableau, check the box.

    5. For Redirect URIs, enter a comma-separated list of custom URIs for Dremio Cloud to register them as trusted redirect URIs. These URIs are only required for Tableau Server. After the redirect URIs are registered, Dremio Cloud uses these URIs to redirect the user back to the Tableau Server after authentication.

      For Tableau Server, specify http://<domain-name or IP address>/auth/add_oauth_token as the Redirect URI. Replace <domain-name or IP address> with the domain name or the IP address of your Tableau Server deployment.

    warning:

    Specifying port numbers in a custom URI does not register it as a trusted redirect URI.

    For Tableau Desktop, http://localhost/Callback and http://127.0.0.1/Callback are preregistered as the redirect URIs.

    For Tableau Online, a set of production endpoints and development pods' endpoints are preregistered as the redirect URIs.

    6. Click Save.

    Editing the Tableau Authentication Configuration

    Perform the following steps to edit the authentication configuration for Tableau:

    1. On the Organization Settings page, click BI Applications in the left sidebar.
    2. On the BI Applications page, click the Tableau tab.

    warning:

    Unchecking the Enable single sign on for Tableau box disables the single sign-on service for users.

    3. For Redirect URIs, add a trusted custom URI to the existing comma-separated list of URIs for Tableau Server.

    warning:

    Specifying port numbers in a custom URI does not register it as a trusted redirect URI.
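A pre-flight check for the Redirect URIs field, covering both the configuring and the editing procedures above: it splits the comma-separated value and flags entries that carry a port number or do not follow the Tableau Server form given on this page. This is an added example, not Dremio's code; the hostnames and IP address are constructed placeholders, and accepting `https` alongside `http` is an assumption.

```python
from urllib.parse import urlsplit

# Path this page gives for Tableau Server redirect URIs.
TABLEAU_SERVER_PATH = "/auth/add_oauth_token"

# Constructed sample field value (hostnames and IP address are placeholders).
SAMPLE_FIELD = (
    "http://tableau.example.com/auth/add_oauth_token, "
    "http://10.0.0.5:8443/auth/add_oauth_token,"
    "tableau.example.com/auth/add_oauth_token"
)


def check_redirect_uris(field_value):
    """Return (uri, problems) for each entry; an empty problems list means ok."""
    results = []
    for raw in field_value.split(","):
        uri = raw.strip()
        if not uri:
            continue  # tolerate stray or trailing commas
        problems = []
        parts = urlsplit(uri)
        if parts.scheme not in ("http", "https"):  # https accepted by assumption
            problems.append("no http(s) scheme")
        if not parts.hostname:
            problems.append("no domain name or IP address")
        try:
            has_port = parts.port is not None
        except ValueError:  # non-numeric or out-of-range port
            has_port = True
        if has_port:
            # Per the warning on this page, such a URI is not registered as trusted.
            problems.append("port number present")
        if parts.path != TABLEAU_SERVER_PATH:
            problems.append("path is not " + TABLEAU_SERVER_PATH)
        results.append((uri, problems))
    return results


if __name__ == "__main__":
    for uri, problems in check_redirect_uris(SAMPLE_FIELD):
        print(uri, "->", "; ".join(problems) or "ok")
```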