What we’ve managed to get to work:
- Okta integration with AWS using SAML 2.0
- Okta provisions QuickSight Reader accounts
- Currently, all Okta users that are assigned to QuickSight are given the same AWS IAM Role

What we are trying to achieve:
- Dashboard management (not every user will have access to every dashboard)
- QuickSight Groups are not an option; we are trying to keep the user management component in Okta.

What we’ve tried:
- Creating an IAM Role for each QuickSight Dashboard and assigning it to the proper Okta users in Okta; this did not work, because it creates a QuickSight Reader account for each IAM Role/Okta username combination. It also makes the user select which role they want to use without giving an option to change roles once in QuickSight (without signing out and signing back in).

We opened a ticket with AWS Support and they offered using IAM User Groups. This is not possible since we are not creating IAM users, just QuickSight Reader accounts.

My question is simple: is what we are trying to accomplish even possible?