I am trying to set up access to Quicksight via Cognito, but every time that I redirect a user using a sign in link, I get this error
“The external login used for federation is unauthorized for this QuickSight User.
Please refer to this page for help”
I have followed the directions in the link, but I have made no progress. Here is what the config for one of my users looks like:
$ aws quicksight describe-user --aws-account-id 732958832353 --namespace default --user-name QuicksightCognitoUsersSta-QSWebIdentityRole00A6161-Y1GN3HNB3V80/test6
How can I solve this problem and authorize the external login?
Please try by leaving the field ExternalLoginId blank. That would reset which Cognito user the QS user is mapped to.
Or, if you can find the Cognito user to map to this user via the Cognito list user api. list-users — AWS CLI 1.22.80 Command Reference
I can’t leave ExternalLoginId blank because it results in this error:
InvalidParameterValueException: An error occurred (InvalidParameterValueException) when calling the RegisterUser operation: ExternalLoginFederationProviderType and ExternalLoginId should be provided together.
What are you saying in the second half of your answer. I have admin access to the account I am using, so yes I can find the Cognito users.
I’ve figured this out with some help from the Quicksight team.
There were two problems:
COGNITO option for the
ExternalLoginFederationProviderType parameter in the
register_user SDK call seems to be broken. Instead of automatically setting the
CustomFederationProviderUrl parameter to something like
cognito-idp.us-west-2.amazonaws.com/us-west-2_VTyD3lDhH, it always sets it to
cognito-identity.amazonaws.com which does not work. To fix this, I used ‘CUSTOM_OIDC’ as the
ExternalLoginFederationProviderType and manually set the
I originally used something like
us-east-1:123abc-1234-123a-b123-12345678a for the
ExternalLoginId parameter in the
register_user SDK call as described here. That documentation is wrong, and it is supposed to look like
Seems like your issue is fixed and there were errors in documentation. Sorry, for the trouble. We will make sure to update the documentation. Appreciate your help and input.