We have different environments like dev, test, prod, each with its own IDP/SSO provider. How can we configure these IDP providers?
We are planning to use namespaces but I see only one SSO config.
Hmm, I don’t know if that is possible. Have you taken a look at this?
Hi @rsinghal12,
You can configure a single IDP SSO in QuickSight. If users are accessing QuickSight using the following: https://quicksight.aws.amazon.com/, they will be redirected to the SSO configured.
Accessing namespaces is possible only through federation; in this scenario, pre-register the users in the namespaces required.
Using the Okta example (Tutorial: Accessing Amazon QuickSight using Okta SSO - Amazon QuickSight):
- Okta as IDP and the users are part of a namespace (e.g. Customer1).
- Pre-register the users (RegisterUser - Amazon QuickSight) in the namespace (Customer1).
- Example Register API executed with the output
- From the Okta portal, when a user clicks on the QuickSight application, the user will be taken to the QuickSight page for the namespace (Customer1).
In order to have multiple IDP/SSO, the only solution is to have multiple AWS accounts?
Thanks for the examples?
Hi @rsinghal12,
There are 2 possible flows:
Identity Provider Initiated (IdP-initiated) SSO
- User logs into the IDP Portal
- QuickSight application is configured
- User is redirected to QuickSight homepage when clicked.
Service Provider Initiated (SP-initiated) SSO
QuickSight can also be configured for SP-initiated sign-on in the Enterprise edition. This setup enables QuickSight to redirect the user to authenticate with the IdP first before granting access to the QuickSight resources.
If Identity Provider Initiated (IdP-initiated) SSO > You can have users from multiple IDPs logging into 1 QuickSight account.
If Service Provider Initiated (SP-initiated) SSO > You can configure only 1 IDP in the QuickSight account.
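
Added example, not part of the thread and not AWS's own code: one way to pre-register IdP-initiated users from several environment IdPs into separate namespaces of a single QuickSight account with the RegisterUser API. The account id, IAM role names, namespace names and the use of the email as session name are assumptions; the namespaces must already exist.

```python
# Added example. Account id, role names and namespaces are constructed placeholders.
ACCOUNT_ID = "111122223333"

# Hypothetical layout: each environment's IdP federates into its own IAM role,
# and that role's users live in their own QuickSight namespace.
ENVIRONMENTS = {
    "dev": {"role": "QuickSightDevFederated", "namespace": "dev"},
    "test": {"role": "QuickSightTestFederated", "namespace": "test"},
    "prod": {"role": "QuickSightProdFederated", "namespace": "prod"},
}
ALLOWED_ROLES = {"READER", "AUTHOR", "ADMIN"}


def check_isolation(environments):
    """Raise if two environments share an IAM role or a namespace."""
    for key in ("role", "namespace"):
        values = [cfg[key] for cfg in environments.values()]
        if len(values) != len(set(values)):
            raise ValueError(f"environments must not share a {key}")


def build_register_user_request(env, email, user_role="READER"):
    """Return the RegisterUser parameters for one federated user."""
    check_isolation(ENVIRONMENTS)
    if env not in ENVIRONMENTS:
        raise ValueError(f"unknown environment: {env!r}")
    if user_role not in ALLOWED_ROLES:
        raise ValueError(f"unsupported user role: {user_role!r}")
    cfg = ENVIRONMENTS[env]
    return {
        "AwsAccountId": ACCOUNT_ID,
        "Namespace": cfg["namespace"],
        "IdentityType": "IAM",
        "IamArn": f"arn:aws:iam::{ACCOUNT_ID}:role/{cfg['role']}",
        # Assumption: the IdP sends the user's email as the SAML RoleSessionName.
        "SessionName": email,
        "Email": email,
        "UserRole": user_role,
    }


def register(env, email, user_role="READER"):
    """Call QuickSight RegisterUser; needs boto3 and AWS credentials."""
    import boto3  # imported here so the request builder runs offline

    client = boto3.client("quicksight")
    return client.register_user(**build_register_user_request(env, email, user_role))
```

Keeping one IAM role per IdP means a user authenticated by the dev IdP can only assume the role registered in the dev namespace, so the isolation check fails closed if two environments are ever pointed at the same role or namespace.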