Change Power BI Report Server Azure AD to OKTA

Raj 96 Reputation points
2023-02-09T04:13:43.58+00:00

We have our .NET Web Applications, Report Server setup with Azure AD and users are given access to apps and reports using either their Windows User ID or Groups. Now we are planning to use OKTA and were successfully able to integrate with apps.

In case of Reports that includes SSRS as well as Power BI we tried to implement Custom Security as per the below doc:

https://github.com/microsoft/Reporting-Services/blob/master/CustomSecuritySample/README.md

but weren't successful.

  1. Any sample available that shows how to setup OKTA auth in Report Server?
  2. What can we do to avoid re-establishing entire access control that was setup at the time of Azure AD using DomainName\UserID which now OKTA provides as ******@companyname.com.
  3. Apps had Windows Auth enabled at the time of Azure AD and when OKTA was implemented, we started getting browser login prompt. We had to enable Anonymous Access in IIS to avoid this. Is it the right way to do?

Note: All users are internal to organization but can access apps and reports via internet.

Thanks in advance!

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Identity Manager
{count} votes

2 answers

Sort by: Most helpful
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-02-15T10:05:26.9466667+00:00

    Hi @Raj ,

    Thanks for reaching out.

    I understand you are trying to migrate from Azure AD to Okta for authentication for your .NET web applications and report servers.

    1.Any sample available that shows how to setup OKTA auth in Report Server?

    Unfortunately, there isn't a specific sample that shows how to set up OKTA authentication in a Report Server. However, you can use the link you shared to implement custom authentication in your report server using OKTA.

    Could you please confirm what are the issue you are facing while configuring the same.

    **2.What can we do to avoid re-establishing entire access control that was setup at the time of Azure AD using DomainName\UserID which now OKTA provides as ****@companyname.com.

    One way to avoid re-establishing the entire access control that was set up with Azure AD is to use the same user IDs in Okta as you were using in Azure AD. For example, if your users were using the format "DomainName\UserID" in Azure AD, you can set up Okta to use the same format, such as "DomainName[******@companyname.com](******@companyname.com)".

    3.Apps had Windows Auth enabled at the time of Azure AD and when OKTA was implemented, we started getting browser login prompt. We had to enable Anonymous Access in IIS to avoid this. Is it the right way to do?

    Regarding the browser login prompt, it's not recommended to enable Anonymous Access in IIS to avoid this. It's a security risk to allow anonymous access to sensitive data. Instead, you can try configuring the application to use Okta for authentication. You can check out the Okta documentation for more information on how to set up Okta for .NET web applications.

    Hope this will help.

    Thanks,

    Shweta

    0 comments No comments

  2. Alexander Martinez 0 Reputation points
    2023-08-28T14:31:42.36+00:00

    The enterprise portal platform Fuse UX Hub supports PBI Report server SSO with practically any IDP. Site here - https://www.etagtechnologies.com

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.