Microsoft announced data gateway support for SSO with Azure AD in August. https://powerbi.microsoft.com/en-us/blog/announcing-data-gateway-support-for-single-sign-on-sso-with-azure-active-directory/

I need to change the service account on the on-premise data gateway from NT SERVICE\xxx to a service account in the same domain as the impersonated user. I have read that this has to be in order for SSO to work.

Microsoft has this guide on how to change the service account on the on-premise data gateway, but I get "incorrect username or password" when I try to change it using the syntax DOMAIN\username.

Can this be privileges? I didn't think the service account needed anything specific. I am sure that the password is correct, as I can log into the Azure portal with the account.

There is 1 answer

JayakrishnaGunnam-MT On

Make sure to use the on-premises data gateway app to change the service account instead of the Windows Service app. This will ensure that the new account has all the required privileges. Not using the on-premises data gateway app for this purpose could lead to inconsistent logging and other issues. The default account for this service is NT SERVICE\PBIEgwService. Change this account to a domain user account within your Windows Server Active Directory domain, or use a managed service account to avoid having to change the password.

Try to reset the gateway to the default service account and see; for that you need to uninstall and reinstall the gateway. You need the recovery key for this operation. Make sure to have the latest version of the on-premises data gateway.

Please check this troubleshooting guide: Troubleshoot the on-premises data gateway | Microsoft Docs

If you are still facing the issues, I would recommend you submit a support ticket from the Azure portal.

Go to Azure portal >> Help + support >> click on New support ticket and select the particular cloud service that's running the gateway.