Using Identity Federation and Single Sign-on (SSO) with Amazon QuickSight - Amazon QuickSight

Using Identity Federation and Single Sign-on (SSO) with Amazon QuickSight

Applies to: Enterprise Edition and Standard Edition
Intended audience: System administrators

Amazon QuickSight supports identity federation in both Standard and Enterprise editions. When you use federated identities, you can manage users with your enterprise identity provider (IdP) and use AWS Identity and Access Management (IAM) to authenticate users when they sign in to Amazon QuickSight.

You can use a third-party identity provider that supports through Security Assertion Markup Language 2.0 (SAML 2.0) to provide a simple onboarding flow for your Amazon QuickSight users. Such identity providers include Microsoft Active Directory Federation Services, Okta, and Ping One Federation Server.

With identity federation, your users get one-click access to their Amazon QuickSight applications using their existing identity credentials. You also have the security benefit of identity authentication by your identity provider. You can control which users have access to Amazon QuickSight using your existing identity provider.

Use the following topics to understand using an existing federation with AWS:

For information from some common providers, see the following third-party documentation: