Mobile App - How to login with Quick Sight users when SSO is enabled?

Hello,

when setting up our Quick Sight subscription we chose the authentication_method “IAM_AND_QUICKSIGHT” to allow us to separate internal and external use.

Internal users will use SSO using our AzureAD. External users are simply Quick Sight users without SSO.

This works fine on desktop. We can use the url parameter enable-sso=0 to get a login form where the external users can login. I attached a screenshot from the admin page.

However the mobile app does not offer such a functionality.

How can I disable SSO for the mobile app so that our external user can login?

Best regards,
Hendrik

Hello Myleodsc,

Welcome to the QS community.
you may refer to this blog - Amazon QuickSight announces the all-new QuickSight Mobile app | AWS Big Data Blog

Hope this helps.
Cheers,
Deep

Thanks for your answer.

I already saw that blog post. However my problem is not adressed there.

The application defaults to the SSO Login using our Identity Provider. There is no way for me to enter the username and password of a Quick Sight user.

As I said above on desktop you can prevent this behaviour by using the url-parameter enable-sso=0.

Hello Myleodsc,

SSO is not expected on mobile ? for all users base ? external and internal?

SSO on mobile works for internal ? and how are external users configured, created in QS ?

could you share some insight on that.

Thanks again.
cheers,
Deep

Hello @myleodsc.hilleckes and @Deep !

@myleodsc.hilleckes were you able to solve this or find a workaround, and if so could you share what you did with the community? If you are still facing this issue are you able to follow up on @Deep 's questions above?

It has been some time since we have heard from you but would still like to help find a solution. If we do not hear from you in the next 2 business days this topic will be archived.

Hey,

I am still facing issues.

I try to rephrase my question:

When using the mobile app how can we support both Quick Sight Users (Username/Password) AND SingleSignOn using the Identity Provider.

From my point of view there are two possible solutions:

1. “Service Provider Initiated SSO” is ON
   Then there is no way for users to login using Quick Sight credentials (Username/Password). On desktop you can circumvent that by using the url parameter enable-sso=0. This solution does NOT work on mobile and spawned my question.

2. “Service Provider Initiated SSO” is OFF
   Then the mobile app shows a form to enter Quick Sight credentials (Username/Password). However then there is no way to trigger an authentication request to our identity provider (IdP). I guess a solution here would be to use IdP-initiated SSO. I will have to evaluate if we can make this work using AzureAD.

I would be great if the mobile app would allow the users to decide which login scheme to use.

Best regards,
Hendrik

Hello @Deep and @myleodsc.hilleckes !

@myleodsc.hilleckes, I believe that you are correct that there are only two options.

I will mark this as a feature request for the Quicksight team!