Manage role groups as QuickSight admin role permissions when integrated with IAM Identity Center

I have a question about a QuickSight account which is integrated with IAM Identity Center.

When I log in to QuickSight as an admin role via Okta and IAM Identity Center and click the button ‘manage role groups’ in the ‘Manage users’ menu, my login session is released and I get a session error like the screen capture below.

Meanwhile, when I open the QuickSight console with an AWS Account login, I can do ‘manage role groups’ like below.

Is this an expected behavior, and if so, why?

Thanks.

@joohyery ,

1/ There are differences in permissions that can be handled by an Admin [Configure your Amazon QuickSight account with IAM Identity Center - Amazon QuickSight].
2/ In Microsoft AD / IAM IDC integration to QuickSight, the IAM user who subscribes to QuickSight has a set of administrative permissions [as in your screenshot, can assign groups to required roles]; the user is not a user of QuickSight itself [this IAM user does not have anything to do with building dashboards, for example].

It’s different than other QuickSight integrations where the Admin is a QuickSight user with all capabilities.

3/ The admin with whom you logged into QuickSight is a user from Okta who is part of the Admin group; this user cannot manage any groups [see link 1 on what’s possible].

Kind regards,
Koushik


Hi Koushik,

But this link says QuickSight admin role permissions can Manage users.

Does this mean that QuickSight admin role permissions (the one who logged into QuickSight from Okta SSO with admin role) can manage users and groups?

I’m still confused.

Thanks.

Yes, you can access the section and view the users.
Left side of the screen is the AWS IAM User who logged into AWS Console and accessed QuickSight.
Right side of the screen is the QuickSight user who is part of the Admin role group coming from Okta.

Does this mean that QuickSight admin role permissions (the one who logged into QuickSight from Okta SSO with admin role) can manage users and groups?

Managing Role Groups: It would be the AWS IAM user who would access QuickSight from the AWS Console.
Manage QuickSight > Manage Users: It would be the user who federated to QuickSight from the IdP (in your scenario, Okta).

In the image, the user in QuickSightadmins is mapped to role Admin group.


Hello @joohyery, since we have not heard back from you with any remaining questions, I will mark @Koushik_Muthanna’s response as the solution. Please let us know if you need any further assistance on this issue and we can help guide you further. Thank you!


Hi,

What kinds of actions are included in "Manage users"?

Thanks
