Connect to Snowflake in the Power BI service

Connecting to Snowflake in the Power BI service differs from other connectors in only one way. Snowflake has a capability for Microsoft Entra ID, an option for SSO (single sign-on). Parts of the integration require different administrative roles across Snowflake, Power BI, and Azure. You can choose to enable Microsoft Entra authentication without using SSO. Basic authentication works similarly to other connectors in the service.

To configure Microsoft Entra integration and optionally enable SSO:

Power BI service configuration

Admin portal

To enable SSO, a Fabric administrator has to turn on the setting in the Power BI Admin portal. This setting approves sending Microsoft Entra authentication tokens to Snowflake from within the Power BI service. This setting is set at an organizational level. Follow these steps to enable SSO:

  1. Sign in to Power BI using Fabric administrator credentials.

  2. Select Settings from the page header menu, then select Admin portal.

  3. Select Tenant settings, then scroll to locate Integration settings.

    Screenshot of the Admin portal with Snowflake SSO settings highlighted.

  4. Expand Snowflake SSO, toggle the setting to Enabled, then select Apply.

This step is required to consent to sending your Microsoft Entra token to the Snowflake servers. After you enable the setting, it can take up to an hour for it to take effect.

After SSO is enabled, you can use reports with SSO.

Configure a semantic model with Microsoft Entra ID

After a report that's based on the Snowflake connector is published to the Power BI service, the semantic model creator has to update settings for the appropriate workspace so it can use SSO.

For more information including steps for using Microsoft Entra ID, SSO, and Snowflake, see Data gateway support for single sign-on with Microsoft Entra ID.

For information about how you can use the on-premises data gateway, see What is an on-premises data gateway?

If you aren't using the gateway, you're all set. When you have Snowflake credentials configured on your on-premises data gateway, but you're only using that data source in your model, switch the Semantic model settings to off on the gateway for that data model.

Screenshot of the expanded gateway connection settings with the toggle set to off.

To turn on SSO for a semantic model:

  1. Sign in to Power BI using semantic model creator credentials.

  2. Select the appropriate workspace, then choose Settings from the more options menu that's located next to the semantic model name.

    Screenshot of semantic models and dataflows in a workspace with more and settings highlighted.

  3. Select Data source credentials and sign in. The semantic model can be signed into Snowflake with Basic or OAuth2 (Microsoft Entra ID) credentials. By using Microsoft Entra ID, you can enable SSO in the next step.

  4. Select the option End users use their own OAuth2 credentials when accessing this data source via DirectQuery. This setting will enable Microsoft Entra SSO. The Microsoft Entra credentials are sent for SSO.

    Screenshot of the configuration dialog with OAuth2 selected as the authentication method.

After these steps are done, users should automatically use their Microsoft Entra authentication to connect to data from that Snowflake semantic model.

If you choose not to enable SSO, then users refreshing the report will use the credentials of the user who signed in, like most other Power BI reports.

Troubleshooting

If you run into any issues with the integration, see the Snowflake troubleshooting guide.