We have multiple accounts dev , test and prod . and each user can be in one or multiple. roles : readOnly , tester, developper , admin .
I am not sure which authentification method to use:
If I use sso : can admins simply add the other users? Or do I have to change permission set in a role so that user can self provision , like this : Provisioning users for Amazon QuickSight - Amazon QuickSight
Do I have to use authentification with IAM identity center, and map reader, author , admin roles in quicksight to the IAM roles and have the users self provision ? Managing access for IAM Identity Center users - Amazon QuickSight
Either way ,How can I check which authentification method is used in the current quicksight account ?
Some factors will drive the decision of the authentication method:
Which IDP you are using for SSO?
Are those users need to access AWS Console or only QuickSight Console?
Are those users access QuickSight through Console or embedded application?
IAM Identity centre is the recommended way as it integrates with other AWS services such as Redshift and you can map the user with user role such as author, reader. If you don’t have IAM Identity setup and want to integrate with existing IDP, you can integrate with other IDP with SAML 2.0 or OIDC. For instance, if you are using Okta, you can setup SSO, you can setup a SSO between Okta and QuickSight. Admin only need to create user in Okta. User can login to QuickSight by SSO. Sharing some references in below
Hi @manel,
It’s been awhile since we last heard from you. Do you have any additional questions regarding the solution you received from royyung?
I will go ahead and mark as the solution but if you have any other questions, feel free to create a new topic for discussion.
So, is it possible thru the QS console to view the current authentication method used by my admin account? I did not see any way to do this thru the Manage Quicksight link. Or is the API the only way to get this info?
