Share via

Custom SSO/Form based authentication for PowerBI Onpremise Report Server

Vishal Singh 0 Reputation points
2025-10-10T09:35:42.12+00:00

We have a Unified Portal and that Portal has its own SSO authentication. That portal consist of many other portals within and now we are thinking about adding Analytics to the same. What we need is when a user logs in via SSO they can go to analytics and see the data based on RLS. Now we can go with Fabric Service. We can only go with PowerBI Report Server On Premise. Now the challenge we are facing is the powerbi report server only provide windows based authentication as native authentication. This is okay for 10-20 users but our user base is 70000 and dynamic i.e. people gets deactivated and then other users are onboarded. Now how can I make sure that the PowerBI Report Server does get user info and then logs it to the report with RLS seemlessly without having to type credentials again

Developer technologies | C#
Developer technologies | C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Susmitha T (INFOSYS LIMITED) 755 Reputation points Microsoft External Staff
    2025-10-16T07:13:42.3733333+00:00

    Thanks for reaching out!

    Particularly since Power BI Report Server natively supports Windows-based authentication.

     Here are some steps and considerations you can explore based on your requirements:

     1. Custom Authentication Extension: Since you want to leverage SSO, consider creating a custom authentication extension. This allows you to replace the default Windows authentication with your own system. Here's how you can configure a custom authentication:   

    • Modify the rsreportserver.config file to include your custom authentication requirements.    - Implement a custom authentication module in ASP.NET if required.   
    • Ensure your users are authenticated through your Unified Portal and then pass their identity to the Power BI Report Server.

     

     For detailed steps, you can check out the guide on [Configuring custom or forms authentication on the report server] (https://free.blessedness.top/en-us/sql/reporting-services/security/configure-custom-or-forms-authent…."https://free.blessedness.top/en-us/sql/reporting-services/security/configure-custom-or-forms-authentication-on-the-report-server?view=sql-server-ver17).")

     

    2. Using Microsoft Entra and Proxy: If you can set up a Microsoft Entra application proxy, this can help facilitate SSO for external applications. By routing requests through the proxy, you might avoid the Windows Auth limitation. Here are the steps to set this up:

    • Create and configure an application in Microsoft Entra for your Power BI Report Server.   

    Follow the steps outlined in [Configure Power BI Report Server with Microsoft Entra application proxy] (https://free.blessedness.top/en-us/power-bi/report-server/microsoft-entra-application-proxy?wt.mc_id…."https://free.blessedness.top/en-us/power-bi/report-server/microsoft-entra-application-proxy?wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider).")

     

    3.Dynamic User Management: To manage dynamic user onboarding and deactivation, integrate your SSO system with Azure AD or your existing identity management system. This will allow you to automate user permissions in the Power BI Report Server based on real-time membership in your Unified Portal.

     

    4. Row-Level Security (RLS): Make sure your report design includes proper RLS configurations. You'll want the Power BI Report Server to enforce these security settings based on the authenticated user's identity coming from your SSO system.

     

     References:
    [Configure custom or forms authentication on the report server] (https://free.blessedness.top/en-us/sql/reporting-services/security/configure-custom-or-forms-authent…"https://free.blessedness.top/en-us/sql/reporting-services/security/configure-custom-or-forms-authentication-on-the-report-server?view=sql-server-ver17)")
    [Configure Power BI Report Server with Microsoft Entra application proxy] (https://free.blessedness.top/en-us/power-bi/report-server/microsoft-entra-application-proxy?wt.mc_id…"https://free.blessedness.top/en-us/power-bi/report-server/microsoft-entra-application-proxy?wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider)")
    [Authentication in a report server] (https://free.blessedness.top/en-us/sql/reporting-services/security/authentication-with-the-report-se…"https://free.blessedness.top/en-us/sql/reporting-services/security/authentication-with-the-report-server?view=sql-server-ver17&wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider)")

     

    Let me know if you need any further help with this. We'll be happy to assist.

    If you find this helpful, please mark the response as "answered".

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.