Hi,
I am currently setting up users to access QuickSight via assumed IAM Roles and session ID’s.
While I understand that users can log in to the AWS Console, assume the role and then navigate to QuickSight via the services list, is there any other way to access QuickSight more directly?
Thanks
Hi ,
Are the users are using logging into aws using a link ( eg below )? :
I believe in this scenario since users are federating into Amazon QuickSight, the access is through the AWS console services list.
Regards,
Koushik
Yes, they are using an SSO link to sign into the console, via federation.
If it is an SSO link , depending upon the identity provider, QuickSight does identity federation and SSO
Using external identity federation and single sign-on with Amazon QuickSight - Amazon QuickSight
You could configure SSO to directly navigate to QuickSight ( IDP to QuickSight )
Regards,
Koushik
Including using AWS SSO?
yes including AWS SSO.
I just wanted to add to this that:
In order to use AWS IAM Identity Center federation to access QuickSight with email syncing enabled, it is necessary to enable attribute-based access control and configure the Email attribute to be included as a session tag (in the AssumeRoleWithSAML request).