I got my aws account subscribed to Quicksight with an authentication method : identity_pool which i suppose it’s related to cognito.
I got users who can connect to quicksight without an issue, but now i wanted to test to register a quicksight user in a specific namespace with an identity type : Quicksight.
The cli return a 200 response with an inv url where i set the password, but i cannot connect, is it normal because i’m supposed to have users only in cognito?
Is it possible to change my quicksight to another type of authentication?
Is it possible to achieve SSO login for quicksight for some users aswell as at the same time have a basic auth for another users?
1. Can you connect with QuickSight identity type “QuickSight” when using identity_pool authentication?
No, this is expected behavior - identity_pool authentication requires federated identities through Cognito, not local QuickSight credentials.
2. Can you change QuickSight authentication methods?
No, you will need to create a new QuickSight account
3. Can you have SSO and basic auth simultaneously?
No, QuickSight only supports one authentication method per account.
Hi @RajKavuda,
I appreciate your fast and precise response, Thank you!
I’d like to ask two more questions please,
Even with an Entreprise Edition, Quicksight supports only one authentication method right ?
If I were to create a new Quicksight Account, with an Authentication method : IAM_AND_QUICKSIGHT. Then would it be possible to have some users login with basic credentials ( username, password ) and others to be IAM users or comming from an external IDP ?
Amazon QuickSight supports only one primary authentication method per account, which is selected during the initial account setup and cannot be changed later without migrating all assets to a new QuickSight account with a different authentication configuration.
When you choose the IAM_AND_QUICKSIGHT authentication method during setup, your account is configured to technically support both types of user identities, but - QuickSight-managed users are invited via email and create username/password credentials that are managed internally by QuickSight, allowing them to sign in directly through the QuickSight sign-in page. Meanwhile, IAM users or federated identities can access QuickSight through the AWS Management Console or via an external identity provider (IdP) portal using SAML 2.0 federation, provided they have the appropriate IAM policies attached.
QuickSight treats these as two completely separate and distinct identity types within the same account. A specific user must exist as either a QuickSight-managed user or an IAM-based user—you cannot merge or link these identities for the same person, and each user is restricted to their designated login flow. While both user types can coexist in the account under IAM_AND_QUICKSIGHT, they operate in separate identity pools and cannot be converted or unified. For organizations seeking a truly centralized identity management system that provides a seamless single sign-on (SSO) experience for both internal and external users, AWS recommends leveraging AWS IAM Identity Center (formerly AWS SSO) and federating your external IdP through that service, which creates a more unified authentication experience across your user base.