when setting up our QuickSight subscription we chose the authentication_method “IAM_AND_QUICKSIGHT” to allow us to separate internal and external use.
Internal users will use SSO using our AzureAD. External users are simply QuickSight users without SSO.
This works fine on desktop. We can use the url parameter enable-sso=0 to get a login form where the external users can login. I attached a screenshot from the admin page.
However the mobile app does not offer such a functionality.
How can I disable SSO for the mobile app so that our external user can login?
@myleodsc.hilleckes were you able to solve this or find a workaround, and if so could you share what you did with the community? If you are still facing this issue are you able to follow up on @Deep 's questions above?
It has been some time since we have heard from you but would still like to help find a solution. If we do not hear from you in the next 2 business days this topic will be archived.
When using the mobile app how can we support both QuickSight Users (Username/Password) AND SingleSignOn using the Identity Provider.
From my point of view there are two possible solutions:
“Service Provider Initiated SSO” is ON
Then there is no way for users to login using QuickSight credentials (Username/Password). On desktop you can circumvent that by using the url parameter enable-sso=0. This solution does NOT work on mobile and spawned my question.
“Service Provider Initiated SSO” is OFF
Then the mobile app shows a form to enter QuickSight credentials (Username/Password). However then there is no way to trigger an authentication request to our identity provider (IdP). I guess a solution here would be to use IdP-initiated SSO. I will have to evaluate if we can make this work using AzureAD.
I would be great if the mobile app would allow the users to decide which login scheme to use.