Enabling Single Sign-On
When Single Sign-On (SSO) is enabled, viewers of reports in Power BI Service run them under their own Power BI Service usernames. They no longer run reports under the Power BI Service username of the people who published the reports, or under the username of the person who set up Power BI Gateway (if you are using a gateway between Power BI Service and Dremio).
For example, suppose a Power BI Service user with the username user1 publishes a report. Another person, who has the Power BI Service username user2, runs that report.
- Without SSO enabled: In Dremio, the username associated with the job that runs the query from the report is user1.
- With SSO enabled: In Dremio, the username associated with the job that runs the query from the report is user2.
Enabling SSO If You Are a Power BI Administrator
By following steps in Microsoft Entra ID and the Power BI Admin portal to enable SSO, you make it easier for yourself to find out in Dremio who exactly is running your reports. Report creators will be able to use Power BI Service to enable SSO on the reports that they publish and have already published.
Before following the steps to enable SSO, ensure that these prerequisites are met:
- Users of Power BI Desktop must be using the October 2022 release or a later release.
- If you are using Power BI Gateway for connections from Power BI Service to Dremio, Power BI Gateway must be the October 2022 release or a later release.

- Enable Microsoft Entra ID for authenticating from Power BI to Dremio.
  - Follow the steps in Microsoft Entra ID.
  - Follow the steps in the section "Configuring Power BI Authentication" in BI Applications.
- Log into the Power BI Admin portal.
- Select Tenant settings.
- Toggle on the Enabled switch under Dremio SSO.
Enabling SSO If You Are a Power BI Report Creator
By enabling SSO, you make it easier for administrators to track who is viewing your reports. The steps for enabling SSO differ according to whether Power BI Service connects to Dremio through Direct Query or through Power BI Gateway.
Enabling SSO for Specific Reports When You Are Using Direct Query
If Power BI Service connects directly to your Dremio cluster via Direct Query, you can use this procedure to enable single sign-on (SSO).
These steps require that the report was published with Power BI Desktop October 2022 or later.
- Log into Power BI Service.
- Open the workspace to which you published the report.
- Find the dataset that is associated with the report and click the three dots next to its name.
- Select Settings.
- If you see the warning "One or more cloud data sources for this dataset have been deleted.", follow these steps to make the warning disappear:
  - Expand the Gateway connection section.
  - Collapse the Gateway connection section.
- Expand the Data source credentials section and click Edit credentials.
- In the configure dialog, follow these steps:
  - In the Authentication method field, select one of these options:
    - Key: Allows you to authenticate by using a personal access token obtained from Dremio Cloud.
    - OAuth2: Allows you to authenticate by using your Microsoft ID and password.
  - If you selected Key in the Authentication method field, paste your personal access token into the Account Key field.
  - In the Privacy level setting for this data source field, ensure that Private is selected.
  - Select the check box "Report viewers can only access this data source with their own Power BI identities using DirectQuery".
  - Click Sign in.
Enabling SSO for Specific Reports When You Are Using Power BI Gateway
Follow these steps when you are using Power BI Gateway for connections between Power BI Service and Dremio Cloud:
- Log into Power BI Service.
- Select Workspaces > Name of workspace.
- In the list, find the dataset for your report, click the ellipsis button, and select Settings.
- In the settings for the dataset, expand Gateway connection.
- Recreate your data source by following these steps:
  - Select the Maps to field.
  - Select Manually add to gateway.
  - In the New data source dialog, create a data source that matches the one that you previously used for your dataset. However, give the new data source a different name.
  - In the Authentication method field, select one of these options:
    - Key: Allows you to authenticate by using a personal access token obtained from Dremio Cloud.
    - OAuth2: Allows you to authenticate by using your Microsoft ID and password.
  - If you selected Key in the Authentication method field, paste your personal access token into the Account Key field.
  - If you selected OAuth2 in the Authentication method field, click Edit credentials.
  - If you want to enable single sign-on (SSO) for viewers of your report, and you created the report by using a Dremio Cloud connection type in Power BI Desktop October 2022 or later: Select the option "Use SSO via Microsoft Entra ID for DirectQuery queries".
  - Click Create.
  - Return to the settings for your dataset.
- Under Gateway connection, verify that the new data source is selected in the Maps to field.