Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prepping for a Fabric certification exam? Join us for a live prep session with exam experts to learn how to pass the exam. Register now.

Reply
Starriver
Advocate III
Advocate III

Urgent: Deprecation of single-factor password for Snowflake by November 2025

‎04-30-2025 08:06 AM

I do want to reach out to you an ask if you might have the same issue as we will have after November 2025 with Snowflake together with Power BI, as the service users with single-factor will be depreceated:

 

Let me explain shortly our landscape to you, so that you have a better understanding:

We do have 2 developers which role out changes to our Snowflake data warehouse (with DBT). Those 2 developers have MFA over Key-pair authentication activated and the MFA done at the beginning will be chached for aprox 2 to 4 hours.

Rollout will be done on:

  • Global MART's: furthermore hour marts are divided into a Group-Mart where data out of multiple companies are implemented and will be taken to make global reports
  • Local MART's: As we do have some power bi developers in our companies we prepare them the data in their mart in order that they work only with data which they can have access to

Power BI Workspace Landscape:

  • One global Workspace: We do have a Group Workspace where global reports (with RLS implemented) are published
  • Lots of local workspaces: lots of Local Workspaces do exist where the local Power BI Developer can publish their reports

For each workspace of these workspaces we have setup also a service user, which have only access to their specific MARTS. (We avoided that user use their account to be save from password changes, a developer leaving etc.). These users are single-factor password LEGACY_SERVICE users which will be deprecatiated in November 2025.

 

The only possibility we see so far is, that we change the service Users to "real AD Users" and activate SSO for them. The drawback we have is, for each of these users we need to assign a separate Power BI Licence.

 

The only thing we see at the horizon is:

Snowflake has PAT in private preview:

It would be very helpfull to know what other users are doing regarding this, or what Microsoft is doing regarding this.

 

Message 1 of 3
250 Views
0
1 ACCEPTED SOLUTION
v-saisrao-msft
Community Support
Community Support

‎04-30-2025 11:40 PM

Hi @Starriver,
Thank you for reaching out to the Microsoft Fabric Forum Community.

 

Thanks for raising this important concern many organizations are in a similar situation with the upcoming deprecation of single-factor authentication in Snowflake by November 2025, especially when it comes to Power BI service accounts.  

A promising long-term solution would be key-pair authentication, which Snowflake supports and recommends for secure, password less access. This method fits well with service accounts and avoids dependency on password rotation or user-based licensing. Unfortunately, as you pointed out, Power BI does not currently support this method, but I highly encourage you to upvote the relevant Power BI idea and engage with Microsoft directly, as there seems to be growing interest in enabling this feature. 

Snowflake’s Programmatic Access Tokens are being designed specifically for use cases like this, including integrations with BI tools such as Power BI. Offer token-based, secure, and non-interactive access, potentially solving the service account problem without needing AD-based SSO or additional Power BI licenses. 

OAuth via Microsoft Entra ID is fully supported by both Power BI and Snowflake and complies with the upcoming MFA requirements. While this may involve licensing costs for each AD-based user, you might explore Power BI Embedded or service principal-based access as a way to reduce user-based licensing, depending on how reports are consumed.

 

If this post helps, then please give us ‘Kudos’ and consider Accept it as a solution to help the other members find it more quickly.

 

Thank you. 

 

 

View solution in original post

Message 2 of 3
210 Views
2 REPLIES 2
v-saisrao-msft
Community Support
Community Support

‎05-04-2025 09:44 PM

Hi @Starriver,
I hope this information is helpful. Please let me know if you have any further questions or if you'd like to discuss this further. If this answers your question, please Accept it as a solution and give it a 'Kudos' so others can find it easily.
Thank you.

Message 3 of 3
124 Views
0
v-saisrao-msft
Community Support
Community Support

‎04-30-2025 11:40 PM

Hi @Starriver,
Thank you for reaching out to the Microsoft Fabric Forum Community.

 

Thanks for raising this important concern many organizations are in a similar situation with the upcoming deprecation of single-factor authentication in Snowflake by November 2025, especially when it comes to Power BI service accounts.  

A promising long-term solution would be key-pair authentication, which Snowflake supports and recommends for secure, password less access. This method fits well with service accounts and avoids dependency on password rotation or user-based licensing. Unfortunately, as you pointed out, Power BI does not currently support this method, but I highly encourage you to upvote the relevant Power BI idea and engage with Microsoft directly, as there seems to be growing interest in enabling this feature. 

Snowflake’s Programmatic Access Tokens are being designed specifically for use cases like this, including integrations with BI tools such as Power BI. Offer token-based, secure, and non-interactive access, potentially solving the service account problem without needing AD-based SSO or additional Power BI licenses. 

OAuth via Microsoft Entra ID is fully supported by both Power BI and Snowflake and complies with the upcoming MFA requirements. While this may involve licensing costs for each AD-based user, you might explore Power BI Embedded or service principal-based access as a way to reduce user-based licensing, depending on how reports are consumed.

 

If this post helps, then please give us ‘Kudos’ and consider Accept it as a solution to help the other members find it more quickly.

 

Thank you. 

 

 

Message 2 of 3
211 Views

Helpful resources

Announcements
PBIApril_Carousel

Power BI Monthly Update - April 2025

Check out the April 2025 Power BI update to learn about new features.

Notebook Gallery Carousel1

NEW! Community Notebooks Gallery

Explore and share Fabric Notebooks to boost Power BI insights in the new community notebooks gallery.

April2025 Carousel

Fabric Community Update - April 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All