Configuring federated user access to Quick through IAM and an external IdP - AWS Prescriptive Guidance

Architecture diagram of a federated user from an external IdP accessing Quick through an IAM role.

The following are the characteristics of this architecture:

  • The Amazon Quick user record is linked to an AWS Identity and Access Management (IAM) role and the username in the IdP, such as QuickSightReader/DiegoRamirez@example.com.

  • Users can self-provision access.

  • Users log in to their external identity provider.

  • If email synchronization is disabled, users can provide their preferred email address when they sign into Quick. If email synchronization is enabled, Quick uses the email address defined in the enterprise IdP. For more information, see Quick email synchronization for federated users in this guide.

  • The IAM role contains a trust policy that allows only federated users from your external IdP to assume the role.
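One way to verify the trust-policy property in the last bullet, as an added example that is not from the AWS guide or the Quick documentation: a small Python lint that accepts only Allow statements whose principal is the single SAML provider, whose action is `sts:AssumeRoleWithSAML`, and whose `SAML:aud` condition is pinned to the AWS sign-in audience. The account ID and provider name are constructed placeholders.

```python
# Added example, not code from the AWS guide: lint a role trust policy for the property
# above (only federated users from one SAML IdP may assume it). IDs are placeholders.
SAML_PROVIDER_ARN = "arn:aws:iam::111122223333:saml-provider/ExampleIdP"
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"  # audience AWS expects in assertions

# Constructed policy that satisfies the property: one Federated principal,
# one action, and the SAML audience pinned in a condition.
STRICT_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": SAML_PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
    }],
}

# Constructed weak variant: a second statement lets any principal in the
# account assume the role directly, bypassing the IdP entirely.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": STRICT_TRUST_POLICY["Statement"] + [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
    }],
}

def _as_list(value):
    # IAM allows a single string/object or a list in these fields
    return [] if value is None else value if isinstance(value, list) else [value]

def trust_policy_findings(policy, provider_arn):
    """Return why the policy is broader than 'federated users from provider_arn only'."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"Federated"}:
            findings.append(f"statement {i}: principal is not Federated-only")
        elif set(_as_list(principal["Federated"])) != {provider_arn}:
            findings.append(f"statement {i}: Federated principal is not {provider_arn}")
        if set(_as_list(stmt.get("Action"))) != {"sts:AssumeRoleWithSAML"}:
            findings.append(f"statement {i}: action is not exactly sts:AssumeRoleWithSAML")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != AWS_SAML_AUDIENCE:
            findings.append(f"statement {i}: SAML:aud is not pinned to the AWS sign-in audience")
    return findings
```

Run it against the trust policy of each role you hand to Quick users: the strict policy yields no findings, while the weak variant reports three on its second statement.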

Considerations and use cases

If you already use identity federation to access your AWS accounts, you can use this existing configuration to also extend access to Quick. For Quick access, you can reuse the same processes that you have in place for provisioning and reviewing access to AWS accounts.

Prerequisites

  • Administrative permissions in Quick.

  • Your organization is already using an external identity provider, such as Okta or Ping.

Configuring access

For instructions, see Setting up IdP federation using IAM and Amazon Quick in the Quick documentation. For more information about configuring the permissions policy for Quick, see Configuring IAM policies in this guide.