QuickSight email synchronization for federated users - AWS Prescriptive Guidance

QuickSight email synchronization for federated users

Note

This feature is available only for the Enterprise edition of Amazon QuickSight.

When IAM users self-provision access to QuickSight, administrators can't control which email address the user provides to QuickSight. Users could enter a personal email address instead of their work email address. This might not be acceptable for some organizations. However, when you're using an identity provider to provide federated access to QuickSight Enterprise edition, QuickSight has a feature that ensures the user's email address in QuickSight matches the user's email address in the identity provider.

In the IdP, you add a SAML attribute for the user's email address. The process for creating the attribute or token differs for each IdP. See the instructions for Okta or IAM Identity Center, or see the documentation for your organization's IdP. The IdP passes the user's email as an IAM Principal session tag. QuickSight uses this session tag instead of prompting the user to provide their email address. For instructions about how to enable this feature, see Configuring email syncing for federated users in the QuickSight documentation.
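As an added illustration of the session-tag path described above (this is not code from the AWS page or from QuickSight), the following script parses a constructed SAML assertion that carries the user's email in the PrincipalTag:Email attribute and evaluates, locally, the kind of StringLike condition on aws:RequestTag/Email that a role trust policy could use to accept only work addresses. The example.com domain, the helper names, and the condition itself are assumptions, not part of the documented setup.

```python
"""Local model of the session-tag path: a SAML assertion carries the user's
email as an IAM principal tag; a trust condition limits which values pass."""
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Documented AWS attribute format for a session tag named "Email":
# https://aws.amazon.com/SAML/Attributes/PrincipalTag:<TagKey>
TAG_PREFIX = "https://aws.amazon.com/SAML/Attributes/PrincipalTag:"

# Constructed sample assertion, shaped like what an IdP such as Okta emits.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:AttributeStatement>
    <saml:Attribute Name="{TAG_PREFIX}Email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Assumed trust-policy condition (hardening suggestion, not from the page):
# StringLike on aws:RequestTag/Email limited to the organization's domain.
TRUST_CONDITION = {"StringLike": {"aws:RequestTag/Email": "*@example.com"}}


def session_tags(assertion_xml: str) -> dict:
    """Collect PrincipalTag:* attributes as a tag key -> value mapping."""
    root = ET.fromstring(assertion_xml)
    tags = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        name = attr.get("Name", "")
        if name.startswith(TAG_PREFIX):
            value = attr.find("saml:AttributeValue", NS)
            tags[name[len(TAG_PREFIX):]] = (value.text or "").strip() if value is not None else ""
    return tags


def _like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: '*' matches any run, '?' one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def tags_satisfy_condition(tags: dict, condition: dict = TRUST_CONDITION) -> bool:
    """True when every aws:RequestTag/<key> condition is met by the tags.
    A missing tag fails, which mirrors the flow: no Email tag, no QuickSight email."""
    for key, pattern in condition.get("StringLike", {}).items():
        tag = key.split("/", 1)[1]
        if tag not in tags or not _like(pattern, tags[tag]):
            return False
    return True
```

Run it against an assertion from your own IdP's SAML trace to confirm the attribute name and value arrive exactly as the trust policy expects.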