# Power BI Configuration Example

## Specify authentication method

When creating a data source in Power BI, specify **Microsoft Account** as the authentication method, if available. This setting allows you to use your enterprise SSO to connect to your compute platform.

## Set up DirectQuery

After connecting to the compute platform and the tables to use for your data source, select **DirectQuery** to connect to the data source. This setting is required for Immuta to enforce policies.

## Publish data

After you publish the datasets to the Power BI service, force users to use their personal credentials to connect to the compute platform by following the steps below.

1. Enable SSO in the tenant admin portal under **Settings -> Admin portal -> Integration settings**.
2. Find the option to manage **Data source credentials** under **Settings -> Datasets**.
3. For most connectors you can enable **OAuth2** as the authentication method to the compute platform.
4. Enable the option **Report viewers can only access this data source with their own Power BI identities using DirectQuery**. This forces end-users to use their personal credentials.

## Resources

* Snowflake guides:
  * <https://www.snowflake.com/blog/using-sso-between-power-bi-and-snowflake>
  * <https://docs.snowflake.com/en/user-guide/oauth-powerbi>
* Databricks guide: <https://learn.microsoft.com/en-us/azure/databricks/partners/bi/power-bi#access-azure-databricks-data-source-using-the-power-bi-service>
* Redshift guide: <https://aws.amazon.com/blogs/big-data/integrate-amazon-redshift-native-idp-federation-with-microsoft-azure-ad-and-power-bi>