Register-user as READER via AWS CLI for users who log in to AWS via IdP (Okta)

Hi @root

Welcome to QuickSight Community. Thank you for posting your inquiry!

For federated users accessing QuickSight for the first time, the IAM policy associated with a user does the trick of creating the user as READER/AUTHOR/ADMIN. Also, the email prompt can be disabled by syncing with the IdP email setting.
It seems you are using IAM Identity Center (IdC) to log into QuickSight. In order to make it work, you have to create a QuickSight application on the IdC portal, which requires configuring attributes (IAM Role…etc). All the points I mentioned are described in the blog below (the external identity store used for IdC there is not Okta but AzureAD, but the configuration between IdC and QuickSight is the same).

If you don't want to use self-provisioning, you can take the action off the IAM policy and use the CLI command that you described. You should be able to use it once you register the QuickSight application on IdC.

Also, below is a new feature announcement made this week for IdC integration with QuickSight.

Hope this helps.

Kind regards,
Wakana

1 Like
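
The CLI path described in the answer above, as an added example that is not part of the original thread or AWS's own code: a shell wrapper around `aws quicksight register-user` that pre-registers a federated role session with the role fixed to READER. The function name `register_reader`, the same-account role check, and the use of the user's email as the role session name are assumptions; all account IDs, role names and addresses are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): pre-register a federated user as READER
# so the IAM policy does not need a self-provisioning action.
# Usage (placeholder values):
#   register_reader 111122223333 \
#     arn:aws:iam::111122223333:role/ExampleFederatedRole user@example.com

register_reader() {
  local account_id role_arn email namespace
  account_id="$1"
  role_arn="$2"
  email="$3"
  namespace="${4:-default}"

  # Account ID must be exactly 12 digits.
  case "$account_id" in
    ""|*[!0-9]*) echo "invalid account id" >&2; return 2 ;;
  esac
  [ "${#account_id}" -eq 12 ] || { echo "invalid account id" >&2; return 2; }

  # Assumption: the federated IAM role lives in the QuickSight account.
  # Rejecting other ARNs avoids registering an unintended principal.
  case "$role_arn" in
    "arn:aws:iam::${account_id}:role/"?*) ;;
    *) echo "role ARN must be an IAM role in account ${account_id}" >&2
       return 2 ;;
  esac

  # Minimal shape check on the email address.
  case "$email" in
    ?*@?*.?*) ;;
    *) echo "invalid email" >&2; return 2 ;;
  esac

  # Assumption: the IdP sets the role session name to the user's email.
  # --user-role is hard-coded so this helper cannot grant AUTHOR or ADMIN.
  aws quicksight register-user \
    --aws-account-id "$account_id" \
    --namespace "$namespace" \
    --identity-type IAM \
    --iam-arn "$role_arn" \
    --session-name "$email" \
    --email "$email" \
    --user-role READER
}
```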