Authentication Configuration
DataCentral supports multiple authentication methods to accommodate both internal employees and external partners. You can configure these methods under Administration > Settings > Authentication.
1. Entra ID (Azure AD)
This is the recommended method for internal employees and users who already have a Microsoft 365 account.
- How it works: Users log in using their existing Microsoft credentials. DataCentral uses OpenID Connect (OIDC) to authenticate the user against your Entra ID tenant.
- Requirements: You must register an application in your Azure portal and provide the Client ID, Tenant ID, and Client Secret to DataCentral.
- Read the full Entra ID Integration Guide
2. User Pass
This method allows you to create local accounts within DataCentral. This is ideal for external partners or customers who do not use Microsoft 365.
- How it works: Administrators create a username and password for the user directly within the DataCentral UI.
- Requirements: Users must be assigned a "User Pass" identity type when created.
- Note: User Pass accounts rely on a Service Principal to access Power BI reports (App Owns Data), as they do not have their own Power BI Pro licenses.
3. Mobile ID
Mobile ID provides a secure, passwordless login experience using a mobile device.
- How it works: Users enter their mobile number. A secure prompt is sent to their device, requiring biometric authentication (e.g., Face ID or Touch ID) to approve the login.
- Requirements: Mobile ID integration must be enabled for your Tenant (available on Pro tiers and above).
- Note: Like User Pass accounts, Mobile ID users rely on a Service Principal to access Power BI reports.
4. Mixed Authentication
You can enable multiple authentication methods simultaneously. For example, you might use Entra ID for your internal staff while providing User Pass accounts to your external clients.
When multiple methods are enabled, users will see a login screen offering them the choice of how to authenticate.