Dashboard management using Okta provisioned users

What we’ve managed to get to work:

  • Okta integration with AWS using SAML 2.0
  • Okta provisions QuickSight Reader accounts
  • Currently, all Okta users that are assigned to QuickSight are all given the same AWS IAM Role

What we are trying to achieve:

  • Dashboard management (not every user will have access to every dashboard)
  • QuickSight Groups are not an option; we are trying to keep the user management component in Okta.

What we’ve tried:

  • Creating an IAM Role for each QuickSight Dashboard and assigning to the proper Okta users in Okta; this did not work, because it creates a QuickSight Reader account for each IAM Role/Okta username combination. It also makes the user select which role they want to use without giving an option to change roles once in QuickSight (without signing out and signing back in).

We opened a ticket with AWS Support and they offered using IAM User Groups. This is not possible since we are not creating IAM users; just QuickSight Reader accounts.

My question is simple; is what we are trying to accomplish even possible?

Hi robzvo-mpg,

This is only possible today via creating QuickSight groups and adding readers to groups. Once groups are in place, dashboards can be shared with groups that need access. If you don’t want to use QuickSight groups, share dashboards with the individual users who should have access to them.
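
The group-based approach in the answer above can still be driven from Okta by reconciling QuickSight group membership against a mapping exported from Okta. The following is an added example, not code from this thread or from AWS. It assumes the QuickSight groups already exist, that the caller builds `desired` from Okta assignments, and that `qs` is a boto3 QuickSight client; the role, user, group and dashboard names are constructed.

```python
# Added example: reconcile QuickSight group membership from an Okta-derived mapping.
# Assumptions: the QuickSight groups already exist; `desired` is built by the caller
# from Okta assignments; `qs` is a boto3 QuickSight client or a stand-in.
READER_ACTIONS = [
    "quicksight:DescribeDashboard",
    "quicksight:ListDashboardVersions",
    "quicksight:QueryDashboard",
]

def current_members(qs, group, common):
    """List every member of a group, following NextToken pagination."""
    names, token = [], None
    while True:
        extra = {"NextToken": token} if token else {}
        resp = qs.list_group_memberships(GroupName=group, **common, **extra)
        names += [m["MemberName"] for m in resp["GroupMemberList"]]
        token = resp.get("NextToken")
        if not token:
            return names

def plan_membership(desired, current):
    """Per group: (users to add, users to remove) so QuickSight matches Okta."""
    return {g: (sorted(set(want) - set(current.get(g, ()))),
                sorted(set(current.get(g, ())) - set(want)))
            for g, want in desired.items()}

def sync(qs, account_id, region, desired, dashboards, namespace="default"):
    """Apply the plan, then share each dashboard with its group (read-only)."""
    common = {"AwsAccountId": account_id, "Namespace": namespace}
    current = {g: current_members(qs, g, common) for g in desired}
    plan = plan_membership(desired, current)
    for group, (add, remove) in plan.items():
        for user in add:
            qs.create_group_membership(MemberName=user, GroupName=group, **common)
        for user in remove:  # revoke access that Okta no longer grants
            qs.delete_group_membership(MemberName=user, GroupName=group, **common)
    for dashboard_id, group in dashboards.items():
        arn = f"arn:aws:quicksight:{region}:{account_id}:group/{namespace}/{group}"
        qs.update_dashboard_permissions(
            AwsAccountId=account_id, DashboardId=dashboard_id,
            GrantPermissions=[{"Principal": arn, "Actions": READER_ACTIONS}])
    return plan

# Constructed sample input (hypothetical role, user, group and dashboard id).
SAMPLE_DESIRED = {"sales-readers": ["OktaQuickSightReader/alice@example.com"]}
SAMPLE_DASHBOARDS = {"sales-dashboard-id": "sales-readers"}
```

Running the sync on a schedule removes members that Okta no longer assigns, so dashboard access is revoked along with the Okta assignment rather than only ever growing.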