Hi,
I am currently setting up users to access Quick Sight via assumed IAM Roles and session ID’s.
While I understand that users can log in to the AWS Console, assume the role and then navigate to Quick Sight via the services list, is there any other way to access Quick Sight more directly?
Thanks
Hi ,
Are the users are using logging into aws using a link ( eg below )? :
I believe in this scenario since users are federating into Amazon Quick Sight, the access is through the AWS console services list.
Regards,
Koushik
Yes, they are using an SSO link to sign into the console, via federation.
If it is an SSO link , depending upon the identity provider, Quick Sight does identity federation and SSO
Using external identity federation and single sign-on with Amazon QuickSight - Amazon QuickSight
You could configure SSO to directly navigate to Quick Sight ( IDP to Quick Sight )
Regards,
Koushik
Including using AWS SSO?
yes including AWS SSO.
I just wanted to add to this that:
In order to use AWS IAM Identity Center federation to access Quick Sight with email syncing enabled, it is necessary to enable attribute-based access control and configure the Email attribute to be included as a session tag (in the AssumeRoleWithSAML request).