Adding users and subscriptions to an Amazon Q Business application - Amazon Q Business

Adding users and subscriptions to an Amazon Q Business application

As an admin, you can add users to your IAM Identity Center instance from the Amazon Q Business console.

After you add users or groups to an application environment, you can then choose the Amazon Q Business tier for each user or group.

On successful completion, Amazon Q Business returns a web experience URL that you can share with the end users you added to your application environment.

Before adding subscriptions to an Amazon Q Business application environment, make sure to go through the Before you begin section.

The following tabs provide a procedure for the AWS Management Console and code examples for the AWS CLI.

Console

To add users and groups with their subscriptions to your Amazon Q Business application

  1. To add users or groups, from Manage access, select the Users or Groups tab, then select Add groups and users. Then, depending on how you're integrating Amazon Q Business with IAM Identity Center, do the following:

    1. If you're using a pre-configured IAM Identity Center instance with users and groups already configured, Amazon Q Business detects the users you have configured in IAM Identity Center. You can choose to assign users from your IAM Identity Center directory.

      1. In this case, in the Add or assign users and groups dialog box that opens, select Assign existing users and groups. Then, select Next.

      2. Then, in the Assign users and groups dialog box that opens, type and select the name of the user or group that you want to assign. Then select Assign.

        Note

        Search for users using their name, and not their user ID or email alias.

      3. From the Users page, After Amazon Q Business finishes assigning the user to your application, select the subscription type to assign to your user from Current subscription.

        Note

        The default subscription type assigned to a user is Q Business Pro.

        Important

        If you add a user to a group in IAM Identity Center and have given that group access to your application, it can take up to 24 hours for the change to take effect and for the user to be able to access your Amazon Q Business application.

    2. If you've created a minimally-configured IAM Identity Center instance from within the Amazon Q Business console for your Amazon Q Business application, you can enter the details of your users or users within a group to add them to your application environment and IAM Identity Center instance.

      1. In this case, in the Add new users dialog box that opens, enter the details of your user. Then select Next and Add.

        If you want to add another user or multiple users, select Add new user and enter the user details before you select Add. Then, select Assign.

        The user is automatically added to an IAM Identity Center directory.

      2. The details you must enter for a single user include:

        • Username – A username is required for an user to sign into the AWS access portal. You can't change the username later. Maximum length 128 characters. Can only contain alphanumeric characters or any of the following: +=,.@-_

        • First name – First name of user.

        • Last name – Last name of user.

        • Email address – Email address of user.

        • Confirm email address – Enter email address again to confirm it.

        • Display name – The display name assigned to your user.

  2. In Web experience service access, enter the following information:

    • For Choose a method to authorize Amazon Q Business – A service access role assumed by end users when they sign in to your web experience that grants them permission to start and manage conversations Amazon Q Business. You can choose to use an existing role or create a new role.

    • Service role name – A name for the service role you created for easy identification on the console.

  3. Select Done.

AWS CLI

To add users to an application environment (subscriptions for users is only available in the console)


aws sso-admin create-application-assignment \
--application-arn idc-app-arn \
--principal-id idc-user-ID \
--principal-type USER

To add groups to an application environment (subscriptions for groups is only available in the console)


aws sso-admin create-application-assignment \
--application-arn idc-app-arn \
--principal-id idc-group-ID \
--principal-type GROUP