Azure AD-based Single Sign-On for Dremio Cloud and Power BI
The Dremio Open Data Lakehouse and Microsoft Power BI enable a wide range of data consumers to make decisions based on their organization’s data regardless of its physical location, without moving or copying the data. Power BI enables self-service analytics at enterprise scale, and Dremio extends self-service capabilities with its semantic layer, allowing organizations to easily join and query data in place using simple SQL statements.
As more data consumers directly access and manipulate data, transparency and accurate reporting on who is consuming analytics and when reports are running is critical from a governance perspective. Previously, Power BI users were limited regarding which credentials flowed through to Dremio, and this issue manifested in two different ways:
- In a Direct Query use case where the data does not get copied into Power BI, if one user shared a report with another user and the latter accessed the report, the job would show as the report owner’s job in Dremio.
- If a user is using the on-premises data gateway, which provides a bridge between on-premises data sources and Power BI, then all jobs would show as the administrator’s job in Dremio, regardless of how many end users have access through the on-premises data gateway.
Both of these scenarios created data governance and auditing issues for data teams.
Today, we are excited to announce Azure Active Directory (AAD)-based Single Sign-On (SSO) support for Dremio Cloud and Power BI! Now, whether users are accessing shared reports via Direct Query, or analyzing data using the on-premises data gateway, that user’s credentials will flow all the way through to Dremio Cloud. SSO provides data teams with capabilities like logging and auditing query usage, and it enhances security by providing visibility and access control to data at the table-, row-, and column-levels. Ultimately, SSO gives data teams full visibility into their consumption of Dremio and Power BI.
Setting up Power BI SSO for Dremio Cloud
Step 1: In Dremio Cloud, navigate to the “BI Applications” page under the “Organizational” settings. Input the following information:
- Enable single sign on for Power BI: (Check this box)
- Azure Active Directory Tenant ID: (Add the ID of the Azure AD tenant that you will sign into Dremio with.)
- User Claim Mapping: upn (This is necessary to use the new Microsoft token for SSO)
Step 2: Create reports and data sources using the new SSO option.
In Power BI, create a new data source. Select “OAuth2” as the authentication method and click on “Single Sign-On” as well.
Sample workflow: In the following example, Stephen creates a report, and sends it to his colleague, Rapinder. Here is the original report:
Rapinder receives the report via email:
Rapinder can then access and run the report. The Jobs table in Dremio shows that Rapinder ran the report, not Stephen, providing traceability of all activity in Power BI.
Get Started with Power BI and Dremio Cloud today!
Get started with Power BI today! https://powerbi.microsoft.com/getting-started-with-power-bi/
Similarly, get started with Dremio Cloud! Visit www.dremio.com/get-started and sign up for your “Forever-Free” tier.