How to convert old Authentication method to IAM Identity Center type?

Q&A
, , ,
1

We’ve been using QS with the original Auth type ( IAM federated identities & Quick Sight-managed users). But, we are thinking to convert this to IAM identity center type utilizing OKTA-IAM identity center - Quicksight

I know there is no option available in admin console. But, I heard there is a way to do it in one of the learning video.

  1. How do I change identitytype ?

  2. With this change, how a user can be author and reader ?

Currently we do this.

  const params = {
    AwsAccountId: awsAccountId,
    Namespace: 'default',
    IdentityType: 'IAM',
    IamArn: lambdaExecRoleArn, 
    UserRole: 'READER',
    SessionName: userName, 
    Email: email_,
  };
 quicksight.registerUser(params);

We register all users from app as READER. Then, how can I have Author as this is coming from OKTA-IAM identity center. There will be only one person of me, right?

3

Hi @tbdori,

If you want to upgrade your current user from READER to AUTHOR, Quick Sight admin user can do it from Manage Quick Sight>Manage users screen or by running the update-user API.
Authentication mode that Quick Sight uses can currently be set only at the sign up time.
Since your account was setup to use IAM federated identities and Quick Sight managed users, you can still route your users via IDC if you choose to do so but such users will still be treated as federated identities (with two part user name - role name/role session name) within Quick Sight.
ie - this will not get you the additional benefits that come with PRO users.

As of today(06-Aug-2024), it is not possible to change the auth mode to direct IDC without recreating your account. Product team is working on building mechanisms to make it easier for existing customers to migrate their accounts from current auth modes over to IDC. (No timeline projections available)

[The prior response that was provided to you by another community user wasn’t accurate. Hence, I have removed that response from this thread.]

Regards,
Arun Santhosh
Pr Quick Sight SA

4

Is there any update on this?

At the moment, let’s assume I recreate Quick Sight on my dev account which will use IDC this time.
If I export all assets, can I import those into new IDC enabled Quick Sight so I don’t lose anything?

5

Hi @tbdori,

Porting all assets over to a new IDC backed account is an option. However, it can be quite a heavy lift depending on the number of assets and users that you have. Work is progressing on the managed migration route. I have provided some additional details to your account team and they will be reaching out to you.

Regards,
Arun Santhosh
Pr Quick Sight SA