How can I add a just-in-time provisioned user to a QuickSight Group upon their first sign in from SSO?

We have successfully implemented the Okta SSO integration described in the tutorial (Tutorial: Accessing Amazon QuickSight using Okta SSO - Amazon QuickSight). But I’d like to automatically add all users from our identity provider to a default group as soon as they log in for the first time. Is this possible? Thanks!

Currently you can not add users to a quicksight group automatically. you can try two options.

  1. pre provision the user, with register user API and add user to group. This way, users are pre assigned to group they are mapped to
  2. Once the user is registered in Okta, you can use Okta API to describe group information and pass them to Quicksight with programmatic approach.

Register user API - RegisterUser -

Group Membership API - create-group-membership — AWS CLI 1.25.29 Command Reference

Thank you for the reply, @Ashok.

Regarding Option 2, what trigger would you use to invoke the create-group-membership? Can you give an example of how you’re thinking about that?

Not the triggers, my example is based on using batch process which does user registration and group membership in sequence.