Configuring Authorization for Microsoft Power BI

This topic describes configuring authorization of Power BI to Dremio with Microsoft Entra ID. With this authorization option, Dremio is able to handle secure user authorization with an identity provider using JSON Web Tokens (JWTs).

Requirements

• Microsoft Power BI Desktop (December 2021+), which includes Dremio as a Certified Connector
• Support key auth.external-token-providers.enabled enabled

Configuring Microsoft Entra ID for Power BI

1. From Dremio, click the Settings (gear) icon at the bottom-left corner of the screen. Click Settings from the menu.

2. On the Settings page, click Support from the left-hand menu.

3. Under the Support Key section, enter auth.external-token-providers.enabled in the search bar on the right and click Show.

4. Where the new support key appears at the top of the list of keys, click the Enable button.

5. Click BI Applications > Authorization from the left sidebar.

6. Select Enable single sign on for Power BI.

7. In the Microsoft Entra Tenant ID field, enter the tenant ID of your Microsoft Entra ID account. Instructions for finding your tenant ID may be found here.

8. In the User Claim Mapping or User Claim Mapping (Legacy) field, specify the key of the user claim that Dremio Cloud must look up to find the username of the user attempting to log in through an external token provider.

   Only JSON Web Tokens (JWTs) are supported. The user claim in a JWT uniquely identifies the user.

   The User Claim Mapping field is for use with Power BI November 2022 or later. When you use one of these versions of Power BI with Microsoft Entra ID, the user claim is upn, which is a basic claim in v1.0 access tokens. If you are using a different external token provider and a user claim other than upn, specify that user claim in the User Claim Mapping field.

   The User Claim Mapping (Legacy) field is for use with Power BI October 2022 or earlier. When you use one of these versions of Power BI with Microsoft Entra ID, the user claim is preferred_username, which is a payload claim in v2.0 access tokens. If you are using a different external token provider and a user claim other than preferred_username, specify that user claim in the User Claim Mapping field.

9. Click Save.

Disabling Microsoft Entra ID for Power BI

Perform the following steps to disable the Microsoft Entra ID configuration for Power BI:

1. From Dremio, click the Settings (gear) icon at the bottom-left corner of the screen. Click Settings from the menu.
2. Click BI Applications > Authorization from the left sidebar.
3. Deselect Enable single sign on for Power BI to disable the single sign-on service if it is checked.
4. Click Save.