To enable SSO between Power BI and snowflake, we followed the instructions as per the documentation in https://docs.snowflake.com/en/user-guide/oauth-powerbi.html 

Azure AD Issuer is formed properly using the tenant id as per the instructions.

Below is the security integration query used and highlighted the fields that are changed as per our project needs.

Please note that, we have used ‘email_address’ as snowflake user mapping attribute

create security integration powerbi_<project_name>

    type = external_oauth

    enabled = true

    external_oauth_type = azure

    external_oauth_issuer = '<AZURE_AD_ISSUER>'

    external_oauth_jws_keys_url = 'https://login.windows.net/common/discovery/keys'

    external_oauth_audience_list = ('https://analysis.windows.net/powerbi/connector/Snowflake')

    external_oauth_token_user_mapping_claim = 'upn'

    external_oauth_snowflake_user_mapping_attribute = 'email_address';

Test data:

The upn value in power bi is formatted as <sso>@<domain.com>

We confirmed this by creating a sample report in Power BI using "UserPrincipalName()" function

Hence, we updated the email field for this user in snowflake to match the same.

After following these steps, when we tried to use the OAuth2 Authentication method from Power BI Service, its showing error message as shown below:

"Failed to update data source credentials: ODBC: ERROR [28000] Incorrect username or password was specified"

How do we confirm if the correct value is passed for upn and is there anything else we are missing.