Identity and access management in Amazon FinSpace
This section explains identity management and authentication for Amazon FinSpace Managed kdb and Dataset browser.
Identity management for Managed kdb
Amazon FinSpace Managed kdb uses AWS Identity and Access Management (IAM) policies to restrict access to operations.
Whenever you use IAM policies, ensure that you follow IAM best practices. For more information, see Security best practices in the IAM User Guide.
Identity management for Dataset browser
Important
Amazon FinSpace Dataset Browser will be discontinued on November 29, 2024. Starting November 29, 2023, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using Amazon FinSpace with Managed Kdb Insights
Amazon FinSpace Dataset browser supports two methods for identity management and authentication. A FinSpace dataset browser environment can be created with either of the following methods.
- Email and password – FinSpace access is controlled via users that are created and managed within the FinSpace application. With the email and password based authentication method, users sign in to FinSpace using their email address and password. An environment created with the email and password based authentication method cannot be changed to the SSO based authentication method in the future. Learn more about Managing user access with email and password.
- Single Sign-On (SSO) – FinSpace access is controlled through your organization's identity provider (IdP). With this authentication method, users are redirected to the SSO login page of their Security Assertion Markup Language 2.0 (SAML 2.0) compliant IdP solution to authenticate their access to FinSpace. An environment created with the SSO based authentication method cannot be changed to the email and password based authentication method in the future. Learn more about creating and managing users with SAML based SSO.