Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
Anonymous
Not applicable

PowerBI data gateway with Azure AD SSO

‎05-20-2021 07:26 PM

Azure SQL Databaseを東日本と西日本のリージョンに作成する予定です。東日本のAzureSQLがプライマリで、西日本のAzureSQLはGeoレプリカとなります。

PowerBIワークスペース上に PBIX/RDLのレポートを作成したいと考えています。東日本と西日本の各リージョンにdata gatewayを作成します。データゲートウェイを作成するのは、Azure SQLのFirewall設定を厳密にしたいからです。

テーブルはユーザごとに参照権限を与えて、許可がないと参照できないようにする必要があります。

 

データゲートウェイにSSOをサポートさせるためには、どのような設定が必要ですか?

以下のドキュメントを見ると、オンプレミスのADと接続ができ、Kerberrosの委任が必要なようですが、AzureADを使う場合でもKerberosの委任が必要でしょうか?

 

---translation--

We plan to create Azure SQL Database in the East and West regions. Azure SQL in eastern Japan is the primary, and Azure SQL in western Japan is the Geo replica.

I want to create a PBIX / RDL report on my Power BI workspace. Create data gateways in each region of eastern and western Japan. I create a data gateway because I want to have strict firewall settings in Azure SQL.

Tables should be referenced by each user so that they cannot be referenced without permission.

 

What settings do I need to make my data gateway support SSO?

Looking at the documentation below, it seems that you can connect to your on-premises AD and need Kerberos delegation, but do you need Kerberos delegation even if you use Azure AD?

Configure Kerberos-based SSO from Power BI service to on-premises data sources - Power BI | Microsof...

 

Labels:
Message 1 of 5
1,171 Views
0
1 ACCEPTED SOLUTION
v-luwang-msft
Community Support
Community Support

‎05-24-2021 12:37 AM

Hi @Anonymous  ,

You need to configure the Kerberos Constrained Delegation carefully. Please follow the document closely. 

You can download and install it as before(You can download the on-premise data gateway here: https://www.microsoft.com/en-us/download/details.aspx?id=53127), just add a new feature to the data gateway. Once the data gateway in online and you create a SQL Server data source, you will see the SSO option under Advanced Settings. But you need to configure the Kerberos Constrained Delegation carefully. Please follow the document closely. 

 

v-luwang-msft_0-1621841802768.png

 

Wish it is helpful for you!

 

Best Regards

Lucien

 

View solution in original post

Message 2 of 5
1,113 Views
0
4 REPLIES 4
Anonymous
Not applicable

‎06-01-2021 02:16 AM

PowerBI とAzure SQL DBをゲートウェイ無しで接続すると、第3者のPowerBI利用者がAzure SQLに接続できてしまうので、企業によってはセキュリティポリシーを満たさないんですよ。データゲートウェイを導入することで、Azure SQL のFirewalの設定を厳格にすることができます。

回答者はそのことを認識していないみたいで残念です。

 

Message 5 of 5
1,020 Views
0
v-luwang-msft
Community Support
Community Support

‎05-26-2021 07:04 PM

Hi @Anonymous ,

I find an article tells more details, and i tink it is helpful for you!

Configure Kerberos-based SSO from Power BI service to on-premises data sources

If Azure AD Connect is configured and user accounts are synchronized, the gateway service doesn't need to perform local Azure AD lookups at runtime. Instead, you can simply use the local service SID for the gateway service to complete all required configuration in Azure AD. The Kerberos constrained delegation configuration steps outlined in this article are the same as the configuration steps required in the Azure AD context. They are applied to the gateway's computer object (as identified by the local service SID) in Azure AD instead of the domain account.

 

 

Best Regards

Lucien

Message 4 of 5
1,062 Views
0
v-luwang-msft
Community Support
Community Support

‎05-24-2021 12:37 AM

Hi @Anonymous  ,

You need to configure the Kerberos Constrained Delegation carefully. Please follow the document closely. 

You can download and install it as before(You can download the on-premise data gateway here: https://www.microsoft.com/en-us/download/details.aspx?id=53127), just add a new feature to the data gateway. Once the data gateway in online and you create a SQL Server data source, you will see the SSO option under Advanced Settings. But you need to configure the Kerberos Constrained Delegation carefully. Please follow the document closely. 

 

v-luwang-msft_0-1621841802768.png

 

Wish it is helpful for you!

 

Best Regards

Lucien

 

Message 2 of 5
1,114 Views
0
Anonymous
Not applicable
In response to v-luwang-msft

‎05-26-2021 02:16 AM

I have read that document. But I have some questions.
Do I need a domain controller when delegating Kerberos? Is it possible to substitute with Azure AD?

Message 3 of 5
1,089 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All