Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more.
Get startedGrow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.
Hello guys,
I'm trying to setup SSO on SAP Hana datasource. I'm running out of ideas, any help would be appreciated 🙂
In my organization we got parent-child AD environment, lets name these domains 'ParentDomain' and 'Child1Domain'. My organizational account is in Child1Domain.
At the moment I got following configuration:
Service account with configured constrained delegation (any protocol) which runs Gateway - ParentDomain/ServiceAccount
While invoking report i get
Microsoft.PowerBI.DataMovement.Pipeline.Diagnostics.FailedToImpersonateUserException: Failed to impersonate user <pi>MyAccount@Child1Domain</pi>; ErrorShortName: FailedToImpersonateUserException/FailedToImpersonateUserException/SecurityException
Below there is also:
Microsoft.PowerBI.DataMovement.Pipeline.Diagnostics.FailedToImpersonateUserException: Failed to impersonate user UserId
I used to have different configuration which was failing few steps later, in delegation process. Impersonation worked just fine.
Service account with unconstrained delegation (any services) - Child1Domain/ServiceAccount
When invoking the report i was getting
Is it possible to configure my multi domain environment so that it works for users in child domains while service account in in parent domain?
I suspect that my current configuration fails because services account tries to impersonate my account in parent domain instead of child domain/entire directory. I don't know if there is any way of configuring that. Strange thing is that when I changed
"ADUserNameLookupProperty" and "ADUserNameReplacementProperty" properties gateway correctly replaced my UPN, so it finds my account in AD.
Does anyone knows what am i doing wrong/how to configure it properly?
Hi @tomejek,
As I was not able to reproduce your scenario on my current environment, you could create a support ticket here for further analysis.
Regards,
Yuliana Gu
Hi @v-yulgu-msft,
I've already submitted ticket about week ago. I just thought someone from community tackled similar issue before and could share his thoughts on the problem.
BR,
Tomasz