Embedding the Full Functionality of the Amazon QuickSight Console

 Applies to: Enterprise Edition 

With Enterprise edition, in addition to providing read-only dashboards, you can also provide the Amazon QuickSight console experience in a custom-branded authoring portal. Using this approach, you allow your users to create data sources, datasets, and analyses. In the same interface, they can create, publish, and view dashboards. If you want to restrict some of those permissions, you can also do that.

Users who access QuickSight through an embedded console need to belong to the author or admin security cohort. Readers don't have enough access to use the QuickSight console for authoring, regardless of whether it's embedded or part of the AWS console. However, authors and admins can still access embedded dashboards. If you want to restrict permissions to some of the authoring features, you can add a custom permissions profile to the user with the UpdateUser API operation. Use the RegisterUser API operation to add a new user with a custom permissions profile attached. For more information, see the following sections:

In general, embedding a QuickSight console session in your webpage or app involves the following steps:

  1. In your AWS account, set up permissions for the people who are going to be using the embedded QuickSight console experience. If they already have author or admin level permissions, you don't need to make any changes.

    Verify that your users can be authenticated through IAM, AWS Managed Microsoft AD, SAML, or WebIdentity. Create or choose an IAM role that grants permissions to become a reader in Amazon QuickSight and to retrieve the specific embedded dashboard. These permissions can be configured by an AWS administrator.

  2. Explicitly enable the domains where you plan to embed Amazon QuickSight. You do this by using the Manage QuickSight option, which is available only to Amazon QuickSight administrators. There is an option to add subdomains as part of a domain. For more information, see Adding Domains for Embedded Users. All domains in use (such as development, staging, and production) must be explicitly allowed, and they must use HTTPS.

  3. On your application server, authenticate the user and get the embedded QuickSight console session URL by using one of the AWS SDKs to run the GetSessionEmbedUrl API operation. Use the URL with the provided authorization code within five minutes of using the API operation to generate it.

  4. On your application page, embed the URL provided by the GetSessionEmbedUrl API operation. To simplify this process, you can use the Amazon QuickSight Embedding SDK, available on NPMJS and GitHub. This customized JavaScript SDK is designed to help you efficiently integrate embedded Amazon QuickSight sessions into your application pages, set defaults, connect controls, and handle errors.
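
The server-side part of these steps, as an added example that is not AWS's own code: it checks that the embedding origin is an allowed HTTPS domain and that the user is an author or admin before calling GetSessionEmbedUrl, and returns the five-minute deadline with the URL. It assumes a boto3-style QuickSight client and the `default` namespace; the function names, `StubQuickSight`, account ID, user names, and hosts are constructed for illustration.

```python
import time
from urllib.parse import urlsplit

CONSOLE_ROLES = {"AUTHOR", "ADMIN"}  # readers cannot author in the embedded console
URL_TTL_SECONDS = 5 * 60             # the URL's authorization code must be used within five minutes


def origin_allowed(origin, allowed_hosts):
    """True only for an HTTPS origin whose host you added under Manage QuickSight."""
    parts = urlsplit(origin)
    return parts.scheme == "https" and parts.hostname in allowed_hosts


def console_embed_url(qs, account_id, user_name, origin, allowed_hosts, now=time.time):
    """Step 3, run on the application server after your own login check has passed."""
    if not origin_allowed(origin, allowed_hosts):
        raise PermissionError("embedding origin is not an allowed HTTPS domain")
    user = qs.describe_user(AwsAccountId=account_id, Namespace="default",
                            UserName=user_name)["User"]
    if user["Role"] not in CONSOLE_ROLES:
        raise PermissionError("embedded console needs an author or admin user")
    resp = qs.get_session_embed_url(AwsAccountId=account_id, UserArn=user["Arn"])
    # Hand the URL to the page at once; never cache or log it (it carries the auth code).
    return {"url": resp["EmbedUrl"], "use_before": now() + URL_TTL_SECONDS}


class StubQuickSight:
    """Constructed stand-in for boto3.client("quicksight"); lets the example run offline."""

    def __init__(self, roles):
        self.roles, self.url_requests = roles, []

    def describe_user(self, AwsAccountId, Namespace, UserName):
        arn = f"arn:aws:quicksight:us-east-1:{AwsAccountId}:user/{Namespace}/{UserName}"
        return {"User": {"Arn": arn, "Role": self.roles[UserName]}}

    def get_session_embed_url(self, **params):
        self.url_requests.append(params)
        return {"Status": 200, "EmbedUrl": "https://quicksight.example/embed?code=CONSTRUCTED"}


if __name__ == "__main__":
    qs = StubQuickSight({"alice": "AUTHOR", "bob": "READER"})  # constructed users
    hosts = {"app.example.com"}                                # constructed allow list
    print(console_embed_url(qs, "111122223333", "alice", "https://app.example.com", hosts))
```

In production, pass `boto3.client("quicksight")` in place of the stub and keep `allowed_hosts` in sync with the domains registered in Manage QuickSight.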