Identity and access management in Amazon FinSpace

This section explains identity management and authentication for Amazon FinSpace Managed kdb and Dataset browser.

Identity management for Managed kdb

Amazon FinSpace Managed kdb uses AWS Identity and Access Management (IAM) policies to restrict access to operations.

Whenever you use IAM policies, ensure that you follow IAM best practices. For more information, see Security best practices in the IAM User Guide.

Identity management for Dataset browser

Important

Amazon FinSpace Dataset Browser will be discontinued on November 29, 2024. Starting November 29, 2023, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using Amazon FinSpace with Managed Kdb Insights will not be affected. For more information, review the FAQ or contact AWS Support to assist with your transition.

Amazon FinSpace Dataset browser supports two methods for identity management and authentication. A FinSpace Dataset browser environment can be created with either of the following methods.

  1. Email and password – FinSpace access is controlled through users that are created and managed within the FinSpace application. With the email and password based authentication method, users sign in to FinSpace using their email address and password. An environment created with the email and password based authentication method cannot be changed to the SSO based authentication method in the future. Learn more about Managing user access with email and password.

  2. Single Sign-On (SSO) – FinSpace access is controlled through your organization's identity provider (IdP). With this authentication method, users are redirected to the SSO login page of their Security Assertion Markup Language 2.0 (SAML 2.0) compliant IdP to authenticate their access to FinSpace. An environment created with the SSO based authentication method cannot be changed to the email and password based authentication method in the future. Learn more about creating and managing users with SAML based SSO.