Book a demo

BI Tool Configuration Recommendations

Immuta can enforce policies on data in your dashboards when your BI tools are connected directly to your compute layer.

This page provides recommendations for configuring the interaction between your database, BI tools, and users.

Connect directly to the database instead of extracts or imports

To ensure that Immuta applies access controls to your dashboards, connect your BI tools directly to the compute layer where Immuta enforces policies without using extracts. Different tools may call this feature different names (such as live connections in Tableau or DirectQuery in Power BI).

Connecting your tools directly to the compute layer without using extracts will not impact performance and provides host of other benefits. For details, see Moving from legacy BI extracts to modern data security and engineering.

Use personal credentials to authenticate and query data

Personal credentials need to be used to query data from the BI tool so that Immuta can apply the correct policies for the user accessing the dashboard. Different authentication mechanisms are available, depending on the BI tool, connector, and compute layer. However, Immuta recommends to use one of the following methods:

  • Use OAuth single sign (SSO) on when available, as it offers the best user experience.

  • Use username and password authentication or personal access tokens as an alternative if OAuth is not supported.

  • Use impersonation if you cannot create and authenticate individual users in the compute layer. Impersonation allows users to query data as another Immuta user. For details, see the user impersonation guide.

For configuration guidance, see Power BI configuration example and Tableau configuration example.

Authentication method matrix

Immuta has verified several popular BI tool and compute platform combinations. The table below outlines these combinations and their recommended authentication methods. However, since these combinations depend on tools outside Immuta, consult the platform documentation to confirm these suggestions.

Amazon Redshift
Azure Synapse Analytics
AWS Databricks
Azure Databricks
Google BigQuery
Snowflake
Starburst

Power BI client

OAuth/SSO

Not tested

OAuth/SSO

OAuth/SSO

Not tested

OAuth/SSO

OAuth/SSO

Power BI service

OAuth/SSO

Not tested

Databricks personal access token (PAT)

OAuth/SSO

Not tested

OAuth/SSO

Tableau Desktop

Username and password

OAuth/SSO

OAuth/SSO

OAuth/SSO

OAuth/SSO

OAuth/SSO

Username and password

Tableau Server

Username and password

OAuth/SSO

OAuth/SSO

OAuth/SSO

OAuth/SSO

OAuth/SSO

Username and password

QuickSight

PreviousBI ToolsNextPower BI Configuration Example

Last updated

Was this helpful?