Using external identity federation and single sign-on with Amazon QuickSight - Amazon QuickSight

Important: We've redesigned the Amazon QuickSight analysis workspace. You might encounter screenshots or procedural text that doesn't reflect the new look in the QuickSight console. We're in the process of updating screenshots and procedural text.

To find a feature or item, use the Quick search bar.

For more information on QuickSight's new look, see Introducing new analysis experience on Amazon QuickSight.

Using external identity federation and single sign-on with Amazon QuickSight

   Applies to: Enterprise Edition and Standard Edition 
   Intended audience: System administrators 

IAM identity federation doesn't support syncing identity provider groups with Amazon QuickSight.

Amazon QuickSight supports identity federation in both Standard and Enterprise editions. When you use federated users, you can manage users with your enterprise identity provider (IdP) and use AWS Identity and Access Management (IAM) to authenticate users when they sign in to Amazon QuickSight.

You can use a third-party identity provider that supports Security Assertion Markup Language 2.0 (SAML 2.0) to provide an onboarding flow for your Amazon QuickSight users. Such identity providers include Microsoft Active Directory Federation Services, Okta, and Ping One Federation Server.

With identity federation, your users get one-click access to their Amazon QuickSight applications using their existing identity credentials. You also have the security benefit of identity authentication by your identity provider. You can control which users have access to Amazon QuickSight using your existing identity provider.

Use the following topics to understand using an existing federation with AWS:

For information from some common providers, see the following third-party documentation: