I have been using a hybrid login with the default namespace.
General users are accessing QuickSight visuals via embedded analytics as IAM users (all readers). Some handsful authors use direct QuickSight login user/pass. - All good so far.
Recently, I just created a custom namespace(xx). And created a user on that namespace with group and custom permission. I see a shared dataset/analysis/ dashboard from the default namespace. So, all good.
When I create a user with a custom namespace in CLI, I get an invitation url but it doesnât work.
Then, why does the above CLI output a non-working URL?
Let me assume thatâs what it is. Then, how can I achieve what I want?
For user A in namespace XX, how can he/she create/update the analysis and publish it? Does he have to use embedded authoring and do it from the App side, not from QuickSight directly?
Currently, I am not using SSO with QuickSight. User wonât come to QuickSight directly from Okta. They will access it only from embedded dashboards. Do I need to make SSO enable for this?
Federated users, IAM users and QuickSight managed users can all be created in secondary namespaces. However, only Federated and IAM users in secondary namespace will be able to access QuickSight console directly. You can user QuickSight managed users with secondary namespaces if your use case requires only embedded access. Both dashboard and session/author embedding is possible with QuickSight managed users in secondary namespaces.
If the above works, then you handle secondary namespaces as part of your application code. Based on the user who is accessing the application, the embedding url will also require the userarn and this can be the user in a custom namespace.
For a user to access QS for authoring, the user still opens the QuickSight login page (https://quicksight.aws.amazon.com/). Then enter the correct account name.
The screen will be redirected to the IAM login page. Type in the IAM userâs username and password.
The screen will redirect to the QuickSight console.