Microsoft BI Authentication and Identity Delegation
Summary: From straightforward client/server designs to complex architectures relying on distributed Windows services, SharePoint applications, Web services, and data sources, Microsoft BI solutions can pose many challenges to seamless user authentication and end-to-end identity delegation. SQL Server technologies and data providers expect to use Windows authentication while SharePoint Server uses Web Services Security (WS-Security). Flowing a user identity from a Windows or browser-based BI client application through a claims-based SharePoint service to a Windows backend system is not always possible due to various limitations in data providers, security protocols, and identity services. Network, forest, and federation topologies also influence the authentication flows. Familiarity with the authentication protocols and capabilities, delegation limitations, and possible workarounds is an indispensable prerequisite to delivering a positive BI user experience across the entire Microsoft BI solution stack in enterprise environments.
Writer: Kay Unkroth
Technical Reviewers: Alex Shteynberg, Andy Wu, Ariel Netz, Ashvini Sharma, Carolyn Rowe, Dave McPherson, Dave Wickert, David Hill, David Maguire, David Vugteveen, Denise Stendera, Diego Oppenheimer, Donny Rose, Dotan Elharrar, Frederic Gisbert, Guy Alroy, Haroon Ahmed, Haydn Richardson, Heidi Steen, Ileana Koller, Il-Sung Lee, Irina Gorbach, James Wu, Joanne Hendrickson, Joe Davies, John Hancock, John Sirmon, Kedar Dubhashi, Kevin Donovan, Mey Meenakshisundaram, Michiko Short, Mike Plumley, Nathaniel Scharer, Nick Simons, Nicolas Menigon, Parul Manek, Peter Brundrett, Prash Shirolkar, Reddy Duggempudi, Rob Lefferts, Robert Bruckner, Robert Skoglund, Sesha Mani, Sunil Gottumukkala, T.K. Anand, Uval Blumenfeld, V.B. Balayoghan, Venky Krishnan, Venky Veeraraghavan, Wayne Clark, Yair Tor, Craig Guyer
Published: January 2015
Applies to: Microsoft Office 2013 and Microsoft SQL Server 2012 Service Pack 1 (or higher)