Quicksight authentication method

Hi,

I want to set up a new Enterprise edition for QuickSight. I’m willing to use namespaces in order to separate my end user clients. I’ve heard that the only possible authentication method for them is federated Single Sign On (SSO) via IAM.

I want to know the steps needed in order to achieve that. What are the configurations needed to configure the SSO?

Also, I do have an external IdP that supports the OIDC protocol. Is it possible to configure that external IdP in order to authenticate my users directly? If so, what are the steps/configurations needed for that?

Thanks

Hi @ilyasse

Yes, an external OIDC IdP can be used to federate Quick Suite users into different custom namespaces, as it supports custom OIDC providers through IAM identity federation.

Please refer to the following documentation and videos; this might be helpful for you.

Hi @Xclipse

For my specific case, since I want to use an external IdP that is compatible with the OIDC standard, the steps/configurations needed are to configure an identity provider in IAM, as well as, in the register API, set the URL to the custom OIDC?

Are there any other configurations to do either in QuickSight or any other AWS services (which I suppose will be IAM)?

That would be enough in order to authenticate my users, right?

Thank you.

Hi @ilyasse

For your OIDC external IdP with custom namespaces, the core configurations are IAM Identity Provider setup plus register-user API with CUSTOM_OIDC parameters; this enables authentication for users in those namespaces.

Please refer to the following documentation; this might be helpful for you.

1 Like
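The two pieces named in the answer above (an IAM OIDC identity provider with a role that trusts it, and a register-user call with CUSTOM_OIDC parameters), as an added example that is not part of the original thread. The account ID, issuer URL, client ID, role name and namespace are constructed placeholders, and the helper names are hypothetical; the audience condition on the role is this example's choice so that only tokens minted for this client can assume it.

```python
import json
from urllib.parse import urlparse

def provider_id(issuer_url):
    """IAM names an OIDC provider by its issuer URL without the https:// prefix."""
    u = urlparse(issuer_url)
    if u.scheme != "https" or not u.netloc:
        raise ValueError("OIDC issuer must be an https URL")
    return u.netloc + u.path.rstrip("/")

def trust_policy(account_id, issuer_url, client_id):
    """Role trust policy: only tokens from this issuer, issued for this client, may assume the role."""
    pid = provider_id(issuer_url)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{pid}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {f"{pid}:aud": client_id}},
        }],
    }

def register_user_params(account_id, namespace, role_arn, email, external_id, issuer_url):
    """Keyword arguments for QuickSight RegisterUser with a custom OIDC IdP."""
    provider_id(issuer_url)  # reject non-https issuers before calling AWS
    return {
        "AwsAccountId": account_id,
        "Namespace": namespace,        # custom namespace of this client
        "IdentityType": "IAM",         # the user federates through an IAM role
        "IamArn": role_arn,
        "SessionName": email,          # role session name (assumed: the user's email)
        "Email": email,
        "UserRole": "READER",
        "ExternalLoginFederationProviderType": "CUSTOM_OIDC",
        "CustomFederationProviderUrl": issuer_url,
        "ExternalLoginId": external_id,  # the user's identity ID at the IdP
    }

def register(params):
    import boto3  # imported lazily so the builders above run without AWS access
    return boto3.client("quicksight").register_user(**params)

if __name__ == "__main__":
    issuer = "https://idp.example.com/realms/acme"  # constructed sample values
    print(json.dumps(trust_policy("111122223333", issuer, "quicksight-client"), indent=2))
    print(json.dumps(register_user_params(
        "111122223333", "client-a", "arn:aws:iam::111122223333:role/QuickSightOidcReader",
        "user@example.com", "constructed-idp-user-id", issuer), indent=2))
```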

Hi again and thank you for your precise responses.

If ever I want QuickSight to redirect me directly to the identity provider auth page, it’s a configuration to add in the QuickSight manage account → SSO. Am I correct?

Thanks

Hi @ilyasse

Yes, for SSO (where users access Quick Suite URL first and get redirected to IdP), configure it in Manage QuickSight → Single sign-on (SSO).

1 Like

Hi,

One more question regarding the register user API: since I’ll be going for an OIDC external IdP with custom namespaces, the identity type of the user should be IAM, right?

If ever I’ll be switching to IAM Identity Center, in that case the identity type should be IAM_IDENTITY_CENTER.