6 minute read · October 25, 2022

Announcing SSO for Dremio Cloud and Power BI

Jeremiah Morrow

Jeremiah Morrow · Product Marketing Director, Iceberg Lakehouse Management, Dremio

The Dremio Open Data Lakehouse and Microsoft Power BI enable a wide range of data consumers to make decisions based on their organization’s data regardless of its physical location, without moving or copying the data. Power BI enables self-service analytics at enterprise scale, and Dremio extends self-service capabilities with its semantic layer, allowing organizations to easily join and query data in place using simple SQL statements.

As more data consumers directly access and manipulate data, transparency and accurate reporting on who is consuming analytics and when reports are running is critical from a governance perspective. Previously, Power BI users were limited regarding which credentials flowed through to Dremio, and this issue manifested in two different ways:

  • In a Direct Query use case where the data does not get copied into Power BI, if one user shared a report with another user and the latter accessed the report, the job would show as the report owner’s job in Dremio.
  • If a user is using the on-premises data gateway, which provides a bridge between on-premises data sources and Power BI, then all jobs would show as the administrator’s job in Dremio, regardless of how many end users have access through the on-premises data gateway.

Both of these scenarios created data governance and auditing issues for data teams.

Today, we are excited to announce Azure Active Directory (AAD)-based Single Sign-On (SSO) support for Dremio Cloud and Power BI! Now, whether users are accessing shared reports via Direct Query, or analyzing data using the on-premises data gateway, that user’s credentials will flow all the way through to Dremio Cloud. SSO provides data teams with capabilities like logging and auditing query usage, and it enhances security by providing visibility and access control to data at the table-, row-, and column-levels. Ultimately, SSO gives data teams full visibility into their consumption of Dremio and Power BI.

This feature is available today in Dremio Cloud, Dremio’s SaaS platform for analytics in AWS.

Setting up Power BI SSO for Dremio Cloud

Step 1: Navigate to the “BI Applications” page under the “Organizational” settings in Dremio Cloud.  Input the following information:

  • Check the box next to Enable single sign on for Power BI
  • Azure Active Directory Tenant ID:  (Add the ID of the Azure AD tenant that you will sign into Dremio with.) 

User Claim Mapping: upn (This is necessary to use the new Microsoft token for SSO)

Step 2: Create reports and data sources using the new SSO option. 

-In Power BI, create a new data source. Select “Oauth2” as the authentication method and click on “Single Sign-On” as well.

Sample workflow: In the following example, Stephen creates a report, and sends it to his colleague, Rapinder. Here is the original report:

Rapinder receives the report via email:

Rapinder can then access and run the report. The Jobs table in Dremio shows that Rapinder ran the report, not Stephen, providing traceability of all activity in Power BI.

Get Started with Dremio Cloud and Power BI Today

It’s really easy to get started with Dremio Cloud today. Just visit www.dremio.com/get-started/ and sign up for your Forever-Free tier. 

Similarly, get started with Power BI here - https://powerbi.microsoft.com/getting-started-with-power-bi/

Ready to Get Started?

Bring your users closer to the data with organization-wide self-service analytics and lakehouse flexibility, scalability, and performance at a fraction of the cost. Run Dremio anywhere with self-managed software or Dremio Cloud.