Events
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
With 4 chances to enter, you could win a conference package and make it to the LIVE Grand Finale in Las Vegas
Learn moreThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
The on-premises data gateway supports Active Directory (AD) SSO for connecting to your on-premises data sources that have Active Directory configured. AD SSO includes both Kerberos constrained delegation and Security Assertion Markup Language (SAML). For more information on SSO and the list of data sources supported for AD SSO, see Overview of single sign-on (SSO) for on-premises data gateways in Power BI.
A query that runs with SSO consists of three steps, as shown in the following diagram.
Here are more details about each step:
The Power BI service includes the user principal name (UPN) for each query. The UPN is the fully qualified username of the user currently signed in to the Power BI service when the query request is sent to the configured gateway.
The gateway must map the Microsoft Entra UPN to a local Active Directory identity:
a. If Microsoft Entra DirSync (also known as Microsoft Entra Connect) is configured, then the mapping works automatically in the gateway. b. Otherwise, the gateway can look up and map the Microsoft Entra UPN to a local AD user by performing a lookup against the local Active Directory domain.
The gateway service process impersonates the mapped local user, opens the connection to the underlying database, and then sends the query. You don't need to install the gateway on the same machine as the database.
Now that you understand the basics of enabling SSO through the gateway, read more detailed information about Kerberos and SAML:
Events
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
With 4 chances to enter, you could win a conference package and make it to the LIVE Grand Finale in Las Vegas
Learn moreTraining
Module
Using single sign-on (SSO) with Office Add-ins - Training
This module explains how to use single sign-on in Office Add-ins.
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.