My company has two different Google Workspace domains (company.com and company.com.au) and no central IdP. I’d like to set up federated access to QuickSight, but it looks like I can have only one SSO app.
Does anyone have any suggestions on the best way to handle this for our org?
Please refer to this previous post with a similar question; maybe it gives you some insight.
There are 2 possible flows:
Identity Provider Initiated (IdP-initiated) SSO
User logs into the IDP Portal
QuickSight application is configured
User is redirected to QuickSight homepage when clicked.
Service Provider Initiated (SP-initiated) SSO
QuickSight can also be configured for SP-initiated sign-on in the Enterprise edition. This setup enables QuickSight to redirect the user to authenticate with the IdP first before granting access to the QuickSight resources.
I was able to do this by following this tutorial:
Amazon QuickSight is a scalable, serverless, embeddable, machine learning (ML)-powered business intelligence (BI) service built for the cloud that supports identity federation in both Standard and Enterprise editions. Organizations are working...
I also wanted to set up email syncing and ended up writing some code to provision the Principal:Email from Google Workspace to QuickSight. The script is available on my GitHub: https://github.com/patrickhaley/GJG-GAM-Scripts/blob/main/google-apps-scripts/updateGroupMemberAttributes.gs