Skip to main content

Microsoft Entra ID single sign-on for the Starburst connector in Power BI (Preview)

When enabling Microsoft Entra ID single sign-on (SSo) for Starburst (Preview) report viewers querying semantic models in DirectQuery mode authenticate to Starburst with their own Entra ID identity, to Starburst's access policies — including row-level and column-level security rules — are evaluated against the actual end user rather than a fixed connection account.

 

Two connectors, one to use

The Starburst connectors are built and maintained by Starburst. Two Starburst entries appear in the Power BI Get Data list. The original Starburst connector remains available for existing reports, but the new SSO experience ships in the Starburst secured by Entra ID connector — pick this one for any new report where you want Entra identities to flow end-to-end, as in the following screenshot.

 

The Starburst secured by Entra ID connector listed in the Power BI Get Data dialog.

Figure: The Starburst secured by Entra ID connector.

 

How it works

The Starburst secured by Entra ID connector supports both Import and DirectQuery semantic models through the on-premises data gateway. However, Entra ID SSO is only relevant for DirectQuery mode. When a viewer opens a report, the underlying DirectQuery semantic model forwards the user's Entra ID token to the gateway, the gateway passes it through to Starburst, and Starburst validates it directly with Entra ID. Starburst then applies its own authorization policies to the authenticated user.

 

Enabling it

Enabling Entra ID SSO for Starburst takes two tenant-level settings plus one setting in the data connector configuration. Both tenant settings live in the Power BI admin portal and require tenant admin rights.

 

First, turn on Enable Starburst SSO. This tenant setting controls whether the Use SSO via Azure AD for DirectQuery queries checkbox appears in the Single sign-on settings for the Starburst secured by Entra ID connection kind.

Second, turn on Microsoft Entra single sign-on for data gateway. This setting is the prerequisite for any Entra ID-based SSO through a data gateway. Without it, the Starburst-specific SSO checkbox stays disabled.

 

Tenant settings in the Power BI admin portal for enabling Entra ID SSO with Starburst.

Figure: Tenant settings for Entra ID SSO with Starburst.

 

Once both tenant settings are on, you can configure the Starburst data source and select Use SSO via Azure AD for DirectQuery queries. From that point on, any DirectQuery semantic model bound to this data connection forwards each user’s Entra ID token to Starburst.

 

The Use SSO via Azure AD for DirectQuery queries checkbox in the Starburst data source settings.

Figure: Use SSO via Azure AD for DirectQuery queries.

 

When to use it

Choose Entra ID SSO whenever you want Starburst's data access policies to apply to the report users in DirectQuery mode rather than a fixed data connection account or when audit or compliance rules prohibit using a single connection credential for all users for data access. If you're already using the original Starburst connector and it meets your needs, you don't have to migrate — existing semantic models continue to refresh as they do today. Switch to the Starburst secured by Entra ID connector if you need Entra ID SSO.

Labels:

Comments

Post a Comment

Hi User,
Thanks for visiting My Blog and please provide your valuable feedback and subscribe for more updates. Please don't post any spam content or comments.
Thank You

Popular posts from this blog

Exception deserializing the package "The process cannot access the file because it is being used by another process."

TITLE: Microsoft Visual Studio ------------------------------ Failed to start project ------------------------------ ADDITIONAL INFORMATION: Exception deserializing the package "The process cannot access the file 'E:\SSASCube\HistoricalDataLoad\HistoricalDataLoad\bin\Development\HistoricalDataLoad.ispac' because it is being used by another process.". (Microsoft.DataTransformationServices.VsIntegration) ------------------------------ The process cannot access the file 'E:\SSASCube\HistoricalDataLoad\HistoricalDataLoad\bin\Development\HistoricalDataLoad.ispac' because it is being used by another process. (mscorlib) ------------------------------ BUTTONS: OK ------------------------------ While running SSIS package i got the error “The process cannot access the file ‘*.ispac’ because it is being used by another process”. I tried to close SSDT and run it again but, I still got the same error while compiling. Then, after searching over internet, I got...
58 comments
Read more

SSRS INTERVIEW QUESTIONS

Q: What is SSRS? Ø   SSRS or SQL Server Reporting Service is a server-based report generation software systems from Microsoft and is part of Microsoft BI. Ø   It is used for preparing and delivering interactive and variety of reports. Ø   It is administered through an web based interface. Ø   Reporting services utilizes a web service interface for supporting and developing of customized reporting applications. Ø   SSRS lets you create very rich reports (Tabular/Graphical/Interactive) from various datasources with rich data visualization (Charts, Maps, sparklines) Ø   SSRS allows are reports to be exported in various formats (Excel, PDF, word etc) Q: Explain SSRS Architecture? Reporting services architecture comprises of integrated components. It is a multi-tiered, included with application, server and data layers. This architecture is scalable and modular. A single installation can be used across multiple computers. It includes the fo...
3 comments
Read more

Failed to execute the package or element. Build errors were encountered

Error: TITLE: Microsoft Visual Studio ------------------------------ Failed to execute the package or element.   Build errors were encountered. For more information, see the Output window. ------------------------------ BUTTONS: OK ------------------------------   Solution: We tried to close SSDT and run it again but, we still got the same error while running SSIS package. Then, we need to follow bellow solution: Step 1: Go to Task Manager–> Details Tab. Step 2: Locate the process “ DtsDebugHost.exe “. Kill this process. There might be multiple instances of this process. Kill all of them. Step 3: Rerun SSIS package
31 comments
Read more