Configure your Amazon QuickSight account with IAM Identity Center - Amazon QuickSight

Important: We've redesigned the Amazon QuickSight analysis workspace. You might encounter screenshots or procedural text that doesn't reflect the new look in the QuickSight console. We're in the process of updating screenshots and procedural text.

To find a feature or item, use the Quick search bar.

For more information on QuickSight's new look, see Introducing new analysis experience on Amazon QuickSight.

Configure your Amazon QuickSight account with IAM Identity Center

 Applies to: Enterprise Edition 
   Intended audience: System administrators 

IAM Identity Center helps you securely create or configure your existing workforce identities and manage their access across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type. To learn more about IAM Identity Center, see AWS IAM Identity Center.

Configure QuickSight and IAM Identity Center so that you can sign up for a new QuickSight account with an IAM Identity Center configured identity source. With IAM Identity Center, you can configure your external identity provider as an identity source. You can also use IAM Identity Center as an identity store if you don't want to use a third-party identity provider with QuickSight. Identity methods can't be changed after your account is created.

When you integrate your QuickSight account with IAM Identity Center, QuickSight account administrators can create a new QuickSight account that automatically has the identity provider's groups available. This simplifies asset sharing at scale in Amazon QuickSight.

Access to some sections of the QuickSight administration console is restricted by IAM permissions. The following table summarizes the admin actions that you can perform in QuickSight based on the access type that you choose.

To learn more how to sign up for an Amazon QuickSight account with IAM Identity Center, see Signing up for an Amazon QuickSight subscription.

Admin action IAM permissions QuickSight admin role permissions

Manage assets

Yes

Security & permissions

Yes

Manage VPC connections

Yes

KMS keys

Yes

Account settings

Yes

Account customization

Yes

Manage users

Yes

Your subscriptions

Yes

Mobile settings

Yes

Domains and embedding

Yes

SPICE capacity

Yes

Role level custom permissions are supported for accounts that are integrated with IAM Identity Center. User level custom permissions are not supported for QuickSight accounts that are integrated with IAM Identity Center. For more information about customizing access to the QuickSight console, see Customizing access to the Amazon QuickSight console.

The Amazon QuickSight mobile app is not supported with QuickSight accounts that are integrated with IAM Identity Center.

Considerations

The following actions permanently remove the ability for QuickSight users to sign into QuickSight. QuickSight does not recommend that QuickSight users perform these actions.

  • Disabling or deleting the QuickSight application in the IAM Identity Center console. If you want to delete your QuickSight account, see Deleting your Amazon QuickSight subscription and closing the account.

  • Migrating the QuickSight account that contains your IAM Identity Center configuration to an AWS Organization that does not contain the IAM Identity Center instance that your QuickSight account is configured to.

  • Deleting the IAM Identity Center instance that is configured to your QuickSight account.

  • Editing IAM Identity Center application attributes, for example the requires assignment attribute.