Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
Anonymous
Not applicable

Integrate SSO/SAML or OIDC authentication in PowerBI on premise (ReportServer)?

‎07-03-2023 07:06 AM

 

Dear Community,

we are currently using an on-premises ReportServer, with PowerBI, and are exploring options to authenticate our users through a Single Sign-On (SSO) IdentityProvider. In our case, we are utilizing Okta, and we would like to use either SAML or OAuth (OIDC) as the authentication type.

We are seeking advice on how to achieve this. Would we need to create our own SecurityExtension, similar to the Custom Security Sample provided on this link: https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample?

Is there anyone who has implemented this using OIDC or SAML? Are there alternative methods we could consider? Any guidance would be greatly appreciated.

Thank you!

Message 1 of 4
3,251 Views
3 REPLIES 3
rohit1991
Super User
Super User

‎02-02-2025 06:49 AM

Hi @Anonymous ,
Integrating SSO (SAML/OIDC) with Power BI Report Server (On-Premises)

Power BI Report Server does not natively support SAML or OIDC authentication, but you can integrate SSO using Custom Security Extensions.

Approach 1: Custom Security Extension (Recommended)

  • Power BI Report Server supports Forms Authentication via Custom Security Extensions.
  • Microsoft provides a Custom Security Sample:
    GitHub: Reporting Services Custom Security
  • Modify this extension to authenticate with Okta via SAML or OIDC.

Steps:

  1. Download & Modify Custom Security Sample

    • Implement authentication logic for SAML or OIDC (OAuth 2.0) with Okta.
    • Use Okta SDK or API to verify tokens.

  2. Deploy the Security Extension

    • Register it in RSReportServer.config and RSSrvPolicy.config.

  3. Enable Form Authentication

    • Modify authentication settings in the configuration files.

 

Approach 2: Reverse Proxy with SSO

If modifying the Report Server is not an option, use a reverse proxy with SSO support, such as:

  • Azure AD App Proxy (if using Azure AD)
  • NGINX or Apache configured with OIDC authentication
  • Okta Access Gateway

These proxies authenticate users before they access Report Server.


Alternative: Windows Integrated Authentication

If your Okta setup supports Active Directory Federation (ADFS), you can:

  • Sync users with AD
  • Use Kerberos / NTLM for seamless login

However, this requires Hybrid AD or AD Connect.

 


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!
Message 4 of 4
1,647 Views
0
David_U
New Member

‎01-31-2025 11:56 AM

 Has another found a solution to this? I'm looking for the same solution.

Message 3 of 4
1,682 Views
0
ballebone
New Member

‎07-19-2023 02:10 PM

I have a huge need for an OIDC Auth Module for SSRS/PowerBi Reports Custom Module. The Sample is not super accessible for a person of my experience level. Anyone have a better example or lead to success?

Message 2 of 4
3,180 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All