Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
ja1meee
Frequent Visitor

Security Role via SSO

Hello! 

 

I would like to seek your advice regarding applying security via Single Sign-On (SSO) in a Power BI Report. Here is the planned setup for the reports:

Role Management System -> Azure Active Directory -> Power BI 

(1) There is an existing role management system that manages all the security roles in the whole project. This is 
(2) The security roles will then be inherited via Azure Active Directory.
(3) The roles in Azure AD will then be passed to Power BI ideally via SSO.

The Role Management System stores all its security roles in databricks tables:
(a) SecurityID - this table stores all the Security IDs in the Role Management System

(b) SecurityAccess - this table stores all the tables that can be accessed by the Security IDs. 

The objective of this setup is to inherit all the security information found in the SecurityID and SecurityAccess tables via SSO. 

For my question, is this possible through the use of Single Sign On and how will this be implemented? If this is not possible, can you suggest other ways in order to pass these security information? Thank you.

 

Best regards,

Jaimeee

1 ACCEPTED SOLUTION

Hi, @ja1meee 

 

To check if your Azure AD role has taken effect in Power BI, you can follow these steps:

1. Open the Power BI service and navigate to the workspace in question.

2. Click on the gear icon in the top right corner and select "Workspace settings" from the dropdown menu.

3. In the left-hand menu, select "Manage Access" to view the access settings for the workspace.

4. Here, you should see a list of all the users and groups that have been granted access to the workspace, along with their role. If your Azure AD role has taken effect, you should see your account listed here with the "Reporting Workspace - Contributor" role.

 

Best Regards,

Community Support Team _Charlotte

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

3 REPLIES 3
v-zhangti
Community Support
Community Support

Hi, @ja1meee 

 

You can use Single Sign-On (SSO) to enable seamless connectivity between Power BI and Azure Active Directory (Azure AD). SSO allows users to access cloud data sources that rely on Azure AD-based authentication. When you configure Azure AD SSO on the on-premises data gateway for an applicable data source, queries run under the Azure AD identity of the user that interacts with the Power BI report.

 

To enable SSO, you can configure your gateway with the following SSO options: Active Directory (AD) SSO, which includes Kerberos constrained delegation, Security Assertion Markup Language (SAML), and Azure AD SSO. You can also configure a tenant-level setting in the Power BI admin portal to allow only Power BI service admins to enable this feature for a tenant.

Overview of single sign-on for on-premises data gateways - Power BI | Microsoft Learn

Azure Active Directory (Azure AD) SSO - Power BI | Microsoft Learn

 

Best Regards,

Community Support Team _Charlotte

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi @v-zhangti ,

 

Thank you for your response. 

 

Following up on my question, how can I check on the Power BI Workspace if these Azure Roles have taken effect?

 

For example, suppose there is a role called "Reporting Workspace - Contributor " in the Azure Active Directory and my account has been granted that role. My question is this: Is there a way on the Power BI workspace to see what Azure AD role have I been granted? I was only given workspace administration permission that is why I just want to confirm if I can validated anything with the current Power BI workspace role I was given. 

 

Thank you

Hi, @ja1meee 

 

To check if your Azure AD role has taken effect in Power BI, you can follow these steps:

1. Open the Power BI service and navigate to the workspace in question.

2. Click on the gear icon in the top right corner and select "Workspace settings" from the dropdown menu.

3. In the left-hand menu, select "Manage Access" to view the access settings for the workspace.

4. Here, you should see a list of all the users and groups that have been granted access to the workspace, along with their role. If your Azure AD role has taken effect, you should see your account listed here with the "Reporting Workspace - Contributor" role.

 

Best Regards,

Community Support Team _Charlotte

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

Top Solution Authors