We currently have Quicksight SSO configured successfully as an SP with Auth0 as the IDP. Users can login successful to Auth0 and get successfully logged in to Quicksight.
The issue is that once the Quicksight session expires the user is not redirected back to the IDP (auth0) but instead they are presented with the default Quicksight login page which the user doesn’t know anything about and are confused as to how to log back in.
Is there anyway to get the user redirected back to the SSO IDP after the Quicksight session expires so that they can login again?
Thanks
@hossman51 ,
I believe your question is almost similar to the following : SessionDurationAttribute does not work when signing in to QuickSight with SAML 2.0 federation | AWS re:Post
As you have SSO configured , the default QuickSight page is asking for the account name ? . Then providing the account name should redirect the user back to your IDP. If the user is successfully logged into IDP, then the user will be re-directed back to QuickSight.
Kind regards,
Koushik
Koushik,
Thank you, this has been very helpful. Here’s my next question. When the QS session expires the user is taken to this url
Is there anyway to get the directory_alias={qs_account_name} parameter added to this url automatically at session expiration so that the user would be redirected back to the IDP without having to enter the account name?
Our users don’t know their account name because they originally signed in via an IDP link that already knew their account name for them.
Thanks,
Dustin
Automatically I don’t think is possible. The following though will include the QS-Account-Name which the end-users could bookmark ?
https://quicksight.aws.amazon.com/sn/start?directory_alias=replace-qs-account-name
Kind regards,
Koushik.