Julius Henderson on 05 Jun 2024 15:44:16
Dataflows (both Gen 1 and Gen 2) do not support SSO. Unfortunately it simply bypasses SSO, allowing the user to see what the Power BI / Fabric Connection service account has for access. This bypasses security controls and introduces a significant security issue. Please address this issue. Options include:
- Updating your documentation to state that Dataflows bypass the SSO option of your Connection completely.
- Make it so if a Dataflow sources a Connection with the SSO option it errors or fails, instead of silently bypassing it.
- Making SSO work with Dataflows.
- Allow for Dataflow only Connections.
- Comments (1)
RE: Not Supporting SSO for Dataflows Introduces a Security Issue
They addressed it by stating in the documentation that only semantic models support sso.It's quite baffling how Microsoft can promote Dataflows as the solution for reuse and efficiency while ommiting this glaring security issue.Having the enterprise Gateway ignore sso for dataflows effectively removes any security control for analysts using anything except semantic models.As it stands, it seems that Microsoft currently does not have a solution for enterprise scenarios where you need:Efficient acces to on-prem dataAccess control (security)Which seem to me quite basic requirements for any data enterprise aspiring solution.