Solved: Snowflake SSO and import mode

vivianecechetti · ‎05-16-2025

Hello, everybody.

I have a question about Power BI and Snowflake: if I use SSO to access my data on Snowflake, is it possible to have an Import Mode? Or I can just have Direct Query mode?

Ritaf1983 · ‎05-16-2025

Hi @vivianecechetti

Yes, you can utilize Single Sign-On (SSO) with Snowflake in Import Mode within Power BI. Here's how it works:

Power BI Desktop:

When connecting to Snowflake, select the Microsoft Account option for authentication.

This leverages your Microsoft Entra ID (formerly Azure AD) credentials to establish the connection.

Power BI Service (Scheduled Refresh):

After publishing your report, navigate to the dataset settings.

Under Data source credentials, choose OAuth2 as the authentication method.

Sign in with your Microsoft Entra ID credentials.

This setup allows the Power BI Service to use your Entra ID token to authenticate with Snowflake during scheduled refreshes.

Important Considerations:

SSO Configuration: Ensure that SSO is properly configured between Microsoft Entra ID and Snowflake. This involves setting up an external OAuth security integration in Snowflake and enabling SSO in the Power BI Admin portal.

Role Mapping: The user principal name (UPN) from Entra ID should map correctly to a user in Snowflake. This ensures that the appropriate permissions are applied during data access.

Token Expiry: Be aware of token lifetimes. Microsoft Entra ID tokens have expiration periods, and you may need to re-authenticate periodically, especially if there are changes to your credentials or organizational policies.

More informatation by the links:

https://docs.snowflake.com/en/user-guide/oauth-powerbi

https://learn.microsoft.com/en-us/power-bi/connect-data/service-connect-snowflake

If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly

Regards,
Rita Fainshtein | Microsoft MVP
https://www.linkedin.com/in/rita-fainshtein/
Blog : https://www.madeiradata.com/profile/ritaf/profile

View solution in original post

vivianecechetti · ‎05-16-2025

Thank you for the answer @Ritaf1983 . From this perspective I'm wondering how RLS from Snowflake is applied when we have an Import file. So, for the end users on Power BI Service we will be also having an import dashboard? I didn't find this in the documentation.

Ritaf1983 · ‎05-16-2025

Hi again 🙂

You're absolutely right to raise that question – this is actually a common challenge when working with Snowflake in Import Mode.

When you use Import Mode, Snowflake’s native Row-Level Security (RLS) doesn’t carry over into Power BI. The data is imported as-is, and Power BI has no awareness of the Snowflake roles or policies after the import.

This means that if you want to apply RLS for end users, you have to rebuild the RLS logic inside Power BI – using user tables, mappings by UPN/email, and defining RLS rules manually in the model.

I have a customer who chose to stick with DirectQuery, even with the performance trade-offs, just to preserve Snowflake's dynamic RLS, because they didn’t want to manage security logic twice.