I have a question with a Quick Sight account which integrated with IAM Identity Center.
When I log in to Quick Sight as an admin role via Okta and IAM Identity Center and click the button ‘manage role groups’ in ‘Manage users’ menu, my login session is released and get session error like below screen capture.
Meanwhile, when open the Quick Sight console with AWS Account login, I can do ‘manage role groups’ like below.
Is this an expected behavior, and if so, why?
Thanks.
1/ There are differences in permissions that can be handled by an Admin [ Configure your Amazon QuickSight account with IAM Identity Center - Amazon QuickSight ]
2/ In Microsoft AD / IAM IDC integration to Quick Sight, the IAM user who subscribes to Quick Sight has a set of administrative permissions [ as in your screenshot, can assign groups to required roles ] , the user is not a user of Quick Sight itself [ this IAM user does not have anything to with building dashboards for example ] .
It’s different than other Quick Sight integrations where the Admin is a Quick Sight user with all capabilities.
3/ The admin with whom you logged into Quick Sight , is a user from Okta who is part of the Admin group, this user cannot manage any groups [see link 1 on what’s possible ] .
Kind regards,
Koushik
Hi Koushik,
But this link says Quick Sight admin role permissions can Manage users.
Is this mean that Quick Sight admin role permissions (the one whom logged into Quick Sight from Okta SSO with admin role) can manage user and groups?
I’m still confused.
Thanks.
Yes you can access the section and view the users .
Left side of the screen is the AWS IAM User who logged into AWS Console and accessed Quick Sight
Right side of the screen is the Quick Sight user who is part of the Admin role group coming from Okta.
Is this mean that Quick Sight admin role permissions (the one whom logged into Quick Sight from Okta SSO with admin role) can manage user and groups?
Managing Role Groups : It would be the AWS IAM user who would access Quick Sight from the AWS Console
Manage Quick Sight > Manage Users : It would be the user who federated to Quick Sight from IDP ( in your scenario Okta ) .
In the image, the user in Quick Sightadmins is mapped to role Admin group.
Hello @joohyery, since we have not heard back from you with any remaining questions, I will mark @Koushik_Muthanna’s response as the solution. Please let us know if you need any further assistance on this issue and we can help guide you further. Thank you!
Hi,
What kinds of actions included in " Manage users "?
Thanks
