Activate Quick Sight SSO SP-initiated authentication

Hi!

My final goal is to be able to connect to Quicksight from my IDP that is compatible with the OIDC standard.

In order to achieve that, in IAM, I did configure my external identity provider (giving it the client ID as well as the provider URL), and I did associate a role with that identity provider (giving it all access to Quicksight resources as a test). After that, I went to Quicksight → manage SSO → I didn’t understand very well the attribute “IdP redirect URL parameter” (I did set it to redirect_url and also TargetResource and RelayState).

But it didn’t work: when I try to enter Quicksight, it redirects me to my IDP, but after successful authentication, I don’t get redirected to Quicksight.

I have 2 questions: I don’t know if the procedure I did execute is correct. Any help regarding that?

For my users who’ll have the right roles in my IDP, how will they connect to Quicksight while having different roles? Should I create 3 different roles in my IDP application in order to manage, for example, READER, AUTHOR and ADMIN? What are the best practices around that?

Thanks!

Hi @ilyasse

You’ve completed most of the setup steps for OIDC federation with Quick. To resolve the remaining redirect issue after IdP authentication, I would recommend filing a case with AWS Support where we can dive into the details so that we can help you further. Here are the steps to open a support case. If your company has someone who manages your AWS account, you might not have direct access to AWS Support and will need to raise an internal ticket to your IT team or whoever manages your AWS account. They should be able to open an AWS Support case on your behalf. Hope this helps!

Hi @ilyasse,

Just checking back in since we haven’t heard from you in a bit. I wanted to see if the guidance shared earlier helped resolve your question, or if you found a solution in the meantime. Moreover, if you did submit a support ticket and it uncovered any findings, please feel free to share them!

If you still have any additional questions related to your initial post, feel free to share them. Otherwise, any update you’re able to provide within the next 3 business days would be helpful for the community.

Thank you

Hi @ilyasse,

Since I haven’t received any further updates from you, I’ll treat this inquiry as complete for now. If you have any additional questions, feel free to create a new post in the community and link this discussion for context.

Thank you