In the evolving landscape of business intelligence, managing user identities efficiently is essential. With the integration of Amazon QuickSight and AWS IAM Identity Center, organizations can streamline their identity management processes. This post discusses how these tools simplify user access and authentication, ensuring a secure and compliant environment for your data analytics needs.
Amazon QuickSight is a powerful, scalable, serverless business intelligence solution enhanced with machine learning capabilities. It allows users to easily connect to various data sources, create interactive dashboards, and access insightful analytics. This tool supports natural language queries, enabling users to derive insights effortlessly. Additionally, QuickSight facilitates the sharing of visualizations and dashboards with numerous internal and external stakeholders.
AWS IAM Identity Center offers a centralized solution for managing workforce identities and access across AWS accounts and applications. It is the recommended method for authentication and authorization, regardless of an organization’s size or industry. IAM Identity Center enables organizations to create and manage user identities directly within AWS or connect to existing identity providers such as Microsoft Active Directory, Okta, and Google Workspace.
With the latest updates, administrators can sign up for QuickSight using IAM Identity Center directly, without configuring a separate single sign-on (SAML federation) setup for QuickSight. They can use groups from supported identity providers to assign roles within QuickSight (administrator, author, and reader). Users then sign in to QuickSight with their organization's identity provider credentials and can share assets with the relevant users and groups.
To illustrate this integration, consider the fictitious organization, AnyCompany Inc., which operates in the healthcare sector. They have a vital application for hospitals that manages business operations, with thousands of employees accessing it regularly. Given the sensitive nature of healthcare data, AnyCompany has prioritized secure user access to comply with industry regulations. By configuring Okta with IAM Identity Center, AnyCompany can effectively manage identity and access for their QuickSight users.
Solution Overview
When linked with an identity provider like Okta, signing up for QuickSight through IAM Identity Center enables various sign-in flows:
- QuickSight Service Provider (SP) Initiated Sign-in: Users access the QuickSight application URL and are redirected to the identity provider’s sign-in page for authentication. After successful login, they are sent back to QuickSight.
- AWS Access Portal SP Initiated Sign-in: Users go to the AWS access portal URL, where they are similarly redirected to the IdP for authentication. After logging in, they can select the QuickSight application from the portal.
- External IdP Initiated Sign-in: Users authenticate via the application portal hosted by the IdP, navigate to the AWS access portal, and select QuickSight, which redirects them to the application.
Prerequisites
To execute this process, you need:
- An organization with IAM Identity Center enabled.
- Okta configured as the external identity provider for IAM Identity Center (SAML for authentication and SCIM for provisioning users and groups). For guidance, see AWS's blog post on configuring Okta with IAM Identity Center.
- An AWS account for QuickSight that is part of the same organization as IAM Identity Center, which should not currently have a QuickSight subscription.
- An IAM principal with permissions to subscribe to QuickSight and to read IAM Identity Center users and groups (administrative access is sufficient but broader than needed).
Steps to Subscribe to QuickSight with IAM Identity Center
- Log in to your AWS account and access QuickSight from the AWS Management Console.
- Click on “Sign up for QuickSight.”
- Provide a notification email for the QuickSight account owner or group.
- Select the identity option “Use AWS IAM Identity Center.”
- Enter an account name and click “Configure.”
- Assign IAM Identity Center groups to roles in QuickSight (admin, author, reader) to grant user access.
- Search for and select the appropriate groups for each QuickSight role. If groups from your IdP do not appear, they have most likely not been provisioned (synchronized) into IAM Identity Center yet; check the SCIM provisioning and group assignments in Okta before continuing.
- Choose an IAM role to manage QuickSight access to AWS resources.
- Optionally, select the Pixel-Perfect Reports add-on.
- Review your selections and click “Finish.”
- Select “Go to Amazon QuickSight.”
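The console steps above can also be performed through the QuickSight API, which is useful when the subscription must be reproducible and reviewable (for example, to record exactly which Identity Center groups map to which QuickSight role). The following added example is not from the original post or from AWS; it builds and validates a CreateAccountSubscription request using the parameter names of the boto3 QuickSight client (AuthenticationMethod IAM_IDENTITY_CENTER, IAMIdentityCenterInstanceArn, AdminGroup, AuthorGroup, ReaderGroup), and checks the prerequisite that the account has no existing subscription before calling the API. The account ID, account name, email, instance ARN and group names are constructed placeholders, and the "one group, one role" check is a local hygiene rule, not an API constraint.

```python
"""Subscribe an AWS account to Amazon QuickSight with IAM Identity Center
authentication, mapping Identity Center groups to QuickSight roles.

Added example; not code from the original post. Request field names follow
boto3's QuickSight.Client.create_account_subscription; all concrete values
below are constructed placeholders.
"""
import json
import re
from typing import Dict, List, Optional

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# IAM Identity Center instance ARNs have the form arn:aws:sso:::instance/ssoins-<hex>
IDC_INSTANCE_ARN_RE = re.compile(r"^arn:aws(-[a-z]+)?:sso:::instance/ssoins-[0-9a-f]+$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
EDITIONS = ("STANDARD", "ENTERPRISE", "ENTERPRISE_AND_Q")


def build_subscription_request(
    account_id: str,
    account_name: str,
    notification_email: str,
    identity_center_instance_arn: str,
    admin_groups: List[str],
    author_groups: Optional[List[str]] = None,
    reader_groups: Optional[List[str]] = None,
    edition: str = "ENTERPRISE",
) -> Dict:
    """Validate inputs and return kwargs for create_account_subscription.

    Raises ValueError for malformed identifiers, a missing admin group, or a
    group mapped to more than one role (local sanity rule, not an API rule:
    it keeps the effective role of a group's members unambiguous in review).
    """
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError("AWS account ID must be 12 digits")
    if not IDC_INSTANCE_ARN_RE.match(identity_center_instance_arn):
        raise ValueError("not an IAM Identity Center instance ARN")
    if not EMAIL_RE.match(notification_email):
        raise ValueError("notification email is malformed")
    if edition not in EDITIONS:
        raise ValueError(f"edition must be one of {EDITIONS}")
    if not admin_groups:
        raise ValueError("at least one admin group is required")

    role_map = (("admin", admin_groups), ("author", author_groups or []), ("reader", reader_groups or []))
    seen: Dict[str, str] = {}
    for role, groups in role_map:
        for name in groups:
            if not isinstance(name, str) or not name.strip():
                raise ValueError(f"empty group name in {role} list")
            if name in seen:
                raise ValueError(f"group {name!r} mapped to both {seen[name]} and {role}")
            seen[name] = role

    request = {
        "Edition": edition,
        "AuthenticationMethod": "IAM_IDENTITY_CENTER",
        "AwsAccountId": account_id,
        "AccountName": account_name,
        "NotificationEmail": notification_email,
        "IAMIdentityCenterInstanceArn": identity_center_instance_arn,
        "AdminGroup": list(admin_groups),
    }
    if author_groups:
        request["AuthorGroup"] = list(author_groups)
    if reader_groups:
        request["ReaderGroup"] = list(reader_groups)
    return request


def account_has_subscription(quicksight_client, account_id: str) -> bool:
    """True if the account already has a QuickSight subscription.

    The post's prerequisite is that it does not; DescribeAccountSubscription
    raises ResourceNotFoundException for an unsubscribed account.
    """
    try:
        quicksight_client.describe_account_subscription(AwsAccountId=account_id)
        return True
    except quicksight_client.exceptions.ResourceNotFoundException:
        return False


def subscribe(quicksight_client, request: Dict) -> Dict:
    """Refuse to run against an already-subscribed account, then subscribe."""
    if account_has_subscription(quicksight_client, request["AwsAccountId"]):
        raise RuntimeError("account already has a QuickSight subscription")
    return quicksight_client.create_account_subscription(**request)


if __name__ == "__main__":
    # Constructed placeholder values; replace with your own.
    req = build_subscription_request(
        account_id="111122223333",
        account_name="anycompany-analytics",
        notification_email="bi-admins@example.com",
        identity_center_instance_arn="arn:aws:sso:::instance/ssoins-0123456789abcdef",
        admin_groups=["QuickSight-Admins"],
        author_groups=["QuickSight-Authors"],
        reader_groups=["Hospital-Operations"],
    )
    print(json.dumps(req, indent=2))  # review this before submitting
    # To submit (needs AWS credentials in the Region you subscribe in):
    #   import boto3
    #   subscribe(boto3.client("quicksight", region_name="us-east-1"), req)
```

Run it without credentials to print the request for review; only the commented-out `subscribe` call touches AWS. Keeping the group-to-role mapping in code rather than in console clicks gives you something to diff and approve when the mapping changes, which matters when, as in the AnyCompany case, the reader group is broad and the admin group must stay small.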
Validate User Sign-in to QuickSight
You can now verify user access via both IdP-initiated and SP-initiated flows.
To test the IdP-initiated flow:
- Sign in to Okta as a user who belongs to one of the groups you assigned to a QuickSight role.
- The AWS IAM Identity Center application appears on the user's Okta dashboard.
- Select the AWS IAM Identity Center application, then choose QuickSight from the AWS access portal to be redirected into QuickSight.
This streamlined process enhances security and efficiency for organizations handling sensitive data, like AnyCompany: authentication stays with the corporate IdP, and QuickSight role membership is governed by the same groups that drive access everywhere else.