Power BI SSO solution by miniOrange provides secure access and full control over multiple applications to enterprise users . Power BI SSO let users to Single Sign-On into Power BI account with one set of login credentials, eliminating user-managed passwords and the risk of phishing. Power BI Single Sign-On leverages the existing on-premise Active Directory infrastructure and provides seamless integration without the need to manage multiple on-premise and cloud identities.
miniOrange supports both IdP (Identity Provider) and SP (Service Provider) initiated Single Sign-on (SSO)
In IdP Initiated Login, SAML request is initiated from miniOrange IdP.
miniOrange provides user authentication from external directories like Microsoft Active Directory, Azure AD,AWS Cognito etc.
1. Sync On-Premise Active Directory with Azure Active Directory
NOTE: If you want to use your On-Premise Active Directory as a user store to Single Sign-On into Power BI then follow the below steps to sync your AD and Azure AD.
2. Verify your UPN Domain in Azure Portal
Single Sign-On into Power BI requires a custom branded URL to be set. Access to miniOrange and connected resources will need to be through the custom branded URL in the format: https://<custom_domain>.xecurify.com/moas
cd ./Downloads powershell -ExecutionPolicy ByPass -File federate_domain.ps1
6.1: Configure 2FA for miniOrange Admin Dashboard.
6.2: Enable 2FA for Users of Power BI application.
7.1: Restricting access to Power BI with IP Blocking
You can use adaptive authentication with Power BI Single Sign-On (SSO) to improve the security and functionality of Single Sign-On. You can allow a IP Address in certain range for SSO or you can deny it based your requirements and you can also challenge the user to verify his authenticity. Adaptive authentication manages the user authentication bases on different factors such as Device ID, Location, Time of Access, IP Address and many more.You can configure Adaptive Authentication with IP Blocking in following way:
|Allow||Allow user to authenticate and use services if Adaptive authentication condition is true.|
|Challenge||Challenege users with one of the three methods mentioned below for verifying user authenticity.|
|Deny||Deny user authentications and access to services if Adaptive authentication condition is true.|
|User second Factor||The User needs to authenticate using the second factor he has opted or assigned for such as
|KBA (Knowledge-based authentication)||The System will ask user for 2 of 3 questions he has configured in his Self Service Console. Only after right answer to both questions user is allowed to proceed further.|
|OTP over Alternate Email||User will recieve a OTP on the alternate email he has configured threw Self Service Conolse. Once user provides the correct OTP he is allowed to proceed further.|
7.2: Adaptive Authentication with Limiting number of devices.
Using Adaptive Authentication you can also restrict the number of devices the end user can access the Services on. You can allow end users to access services on a fixed no. of devices. The end users wii be able to access services provided by us on this fixed no. of devices.You can cofigure Adaptive Authentication with Device Restriction in follwing way
7.3: Add Adaptive Authentication policy to Power BI.
1. Using SP initiated login :-
2. Using IdP initiated login :-
For further details refer following Documents :
miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.Try Now
We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -
+1 978 658 9387 (US) , +91 97178 45846 (India) | email@example.com