Using external identity federation and single sign-on with Amazon QuickSight
Applies to: Enterprise Edition and Standard Edition |
Intended audience: System administrators |
Note
IAM identity federation doesn't support syncing identity provider groups with Amazon QuickSight.
Amazon QuickSight supports identity federation in both Standard and Enterprise editions. When you use federated users, you can manage users with your enterprise identity provider (IdP) and use AWS Identity and Access Management (IAM) to authenticate users when they sign in to Amazon QuickSight.
You can use a third-party identity provider that supports Security Assertion Markup Language 2.0 (SAML 2.0) to provide an onboarding flow for your Amazon QuickSight users. Such identity providers include Microsoft Active Directory Federation Services, Okta, and Ping One Federation Server.
With identity federation, your users get one-click access to their Amazon QuickSight applications using their existing identity credentials. You also have the security benefit of identity authentication by your identity provider. You can control which users have access to Amazon QuickSight using your existing identity provider.
Use the following topics to understand using an existing federation with AWS:
-
Identity federation in AWS
on the AWS website -
Providing access to externally authenticated users (identity federation) in the IAM User Guide
-
Enabling SAML 2.0 federated users to access the AWS Management Console in the IAM User Guide
For information from some common providers, see the following third-party documentation:
Okta – Planning a SAML deployment
Ping – Amazon integrations