Connect to Snowflake in the Power BI service
Connecting to Snowflake in the Power BI service differs from other connectors in only one way. Snowflake has a capability for Azure Active Directory (Azure AD), an option for SSO (single sign-on). Parts of the integration require different administrative roles across Snowflake, Power BI, and Azure. You can choose to enable Azure AD authentication without using SSO. Basic authentication works similarly to other connectors in the service.
To configure Azure AD integration and optionally enable SSO:
- If you're the Snowflake admin, see Power BI SSO to Snowflake in the Snowflake documentation.
- If you're a Power BI admin, go to the Admin portal section to enable SSO.
- If you're a Power BI dataset creator, go to the Configure a dataset with Azure AD section to enable SSO.
Power BI service configuration
To enable SSO, a global admin has to turn on the setting in the Power BI Admin portal. This setting approves sending Azure AD authentication tokens to Snowflake from within the Power BI service. This setting is set at an orginaztional level. Follow these steps to enable SSO:
Sign in to Power BI using global admin credentials.
Select Settings from the page header menu, then select Admin portal.
Select Tenant settings, then scroll to locate Integration settings.
Expand Snowflake SSO, toggle the setting to Enabled, then select Apply.
This step is required to consent to sending your Azure AD token to the Snowflake servers. After you enable the setting, it can take up to an hour for it to take effect.
After SSO is enabled, you can use reports with SSO.
Configure a dataset with Azure AD
After a report that's based on the Snowflake connector is published to the Power BI service, the dataset creator has to update settings for the appropriate workspace so it can use SSO.
For more information including steps for using Azure AD, SSO, and Snowflake, see Data gateway support for single sign-on with Azure AD.
For information about how you can use the on-premises data gateway, see What is an on-premises data gateway?
If you aren't using the gateway, you're all set. When you have Snowflake credentials configured on your on-premises data gateway, but you're only using that data source in your model, switch the Dataset settings to off on the gateway for that data model.
To turn on SSO for a dataset:
Sign in to Power BI using dataset creator credentials.
Select the appropriate workspace, then choose Settings from the more options menu that's located next to the dataset name.
Select Data source credentials and sign in. The dataset can be signed into Snowflake with Basic or OAuth2 (Azure AD) credentials. By using Azure AD, you can enable SSO in the next step.
Select the option End users use their own OAuth2 credentials when accessing this data source via DirectQuery. This setting will enable Azure AD SSO. Whether the first user signs in with Basic authentication or OAuth2 (Azure AD), the Azure AD credentials are sent for SSO.
After these steps are done, users should automatically use their Azure AD authentication to connect to data from that Snowflake dataset.
If you choose not to enable SSO, then users refreshing the report will use the credentials of the user who signed in, like most other Power BI reports.
If you run into any issues with the integration, see the Snowflake troubleshooting guide.
Submit and view feedback for