# Signing in to Amazon Quick Signing in to Quick You can sign in to Amazon Quick multiple ways, depending on what your Quick administrator has set up. You can sign in to Quick using AWS root, AWS Identity and Access Management (IAM), corporate Active Directory, or your native Quick credentials. If your Quick account is integrated with an identity provider such as Okta, the following procedures don't apply to you. If you're a Quick administrator, make sure to allow-list the following domains within your organization's network. | User type | Domain or domains to allow-list | | --- | --- | | Users who sign in directly through Quick and Active Directory users | `signin.aws` and `awsapps.com` | | AWS root user | `signin.aws.amazon.com` and `amazon.com` | | IAM users | `signin.aws.amazon.com` | # Post-setup configuration Post-setup configuration After signing in to Quick, you can customize your environment by configuring agent settings and other preferences. **To complete post-setup configuration** 1. **Agent customization access** From the left navigation menu, under Customization, select Agent customization. 1. **Environment settings** Enter the settings you require for your environment. These settings will customize Amazon Q's behavior for your specific use case. **Important** We strongly recommend that you don't use the AWS root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks. For more information, see [AWS account root user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html) in the *IAM User Guide*. ## How to sign in to Quick How to sign in to Quick Use the following procedure to sign in to Quick. **To sign in to Quick** 1. Go to [https://quicksight.aws.amazon.com/](https://quicksight.aws.amazon.com/). 1. For **Quick account name**, enter your account name. This is the name that was created when the Quick account was created in AWS. If you were invited to the Quick account by email, you can find the account name inside of that email. If you don't have the email that invited you to Quick, ask the Quick administrator in your organization for the information that you need. You can also find your Quick account name by selecting the profile icon at the upper-right of the Quick console menu. In some cases, you might not have access to your Quick account or have an administrator who can provide this information, or both. If so, contact AWS Support and open a ticket that includes your AWS customer ID. 1. For **Username**, enter your Quick user name. User names that contain a semicolon (;) aren't supported. Choose one of the following: + For organizational users – The user name is provided by your administrator. Your account can be based on IAM credentials or your email address if it's a root email address. Or it can be used as the user name to invite you into the Quick account. If you received an invitation email from another Quick user, it indicates what type of credentials to use. + For individual users – The user name that you created for yourself. This is usually the IAM credentials that you created. The remaining steps vary depending on the user type you sign in as (directly through Quick or as an Active Directory user, AWS root user, or IAM user). For more information, see the following sections. ### Finishing Quick sign-in as a Quick or Active Directory user If you're signing in directly through Quick or are using your corporate Active Directory credentials, you're redirected to `signin.aws` after you enter your account name and user name. Use the following procedure to finish signing in. **To finish signing in to Quick if you sign in directly through Quick or use Active Directory credentials** 1. For **Password**, enter your password. Passwords are case-sensitive and must be 8–64 characters in length. They must also contain each of the following: + Lowercase letters (a–z) + Uppercase letters (A–Z) + Numbers (0–9) + Nonalphanumeric characters (\$1\$1@\$1\$1%^&\$1\$1-\$1=`\$1\$1()\$1\$1[]:;"'<>,.?/) 1. If your account is multi-factor authentication enabled, enter the multi-factor authentication code that you receive for **MFA code**. 1. Choose **Sign in**. ### Finishing Quick sign-in as an AWS root user If you're signing in as an AWS root user, you're redirected to signin.aws.amazon.com (or amazon.com) to complete the sign-in process. Your user name is prefilled. Use the following procedure to finish signing in. **To finish signing in as an AWS root user** 1. Choose **Next**. 1. For **password**, enter your password. For more information about root user passwords, see [Changing the AWS account root user password](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_change-root.html) in the *IAM User Guide*. 1. Choose **Sign in**. ### Finishing Quick sign-in as an IAM user If you're signing in as an IAM user, you're redirected to signin.aws.amazon.com (or amazon.com) to complete the sign-in process. Your user name is prefilled. Use the following procedure to finish signing in. **To finish signing in as an IAM user** 1. For **Password**, enter your password. For more information about IAM user passwords, see [Default password policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#default-policy-details) in the *IAM User Guide*. 1. Choose **Sign in**. # Signing in with multiple accounts Signing in with multiple accounts You can sign in to Amazon Quick with multiple accounts at the same time and switch between them as necessary. **To sign in to multiple accounts** 1. Follow the steps at [Signing in to Amazon Quick](signing-in.md) to sign in to Amazon Quick. 1. At the top-right corner, select your account name to reveal a dropdown menu. 1. Hover over **Switch accounts**. A list of accounts that you've signed in to before appears. Do one of the following: + To switch to an account, select that account and provide sign-in credentials. + To sign in to a new account, choose **Add another account**. You are prompted to provide sign-in credentials for the account. **To sign out of an account or all accounts** 1. Select your account name at the top-right corner to reveal a dropdown menu. 1. Hover over **Sign out**. You can choose to sign out of your current account or to **Sign out of all accounts**. ## URL structure When using multiple accounts, Amazon Quick URLs include the account name to identify which account you're accessing. ### Application URLs Application URLs follow this structure: ``` https://us-east-1.quicksight.aws.amazon.com/sn/account/ACCOUNT-NAME/... ``` Examples: ``` https://us-east-1.quicksight.aws.amazon.com/sn/account/my-account/start/home https://us-east-1.quicksight.aws.amazon.com/sn/account/my-account/dashboards/1234 ``` ### Console URLs Console URLs follow this structure. **Standard accounts (account alias is the account ID)** ``` https://us-east-1.quicksight.aws.amazon.com/sn/console/account/123456789012/... ``` Examples: ``` https://us-east-1.quicksight.aws.amazon.com/sn/console/account/123456789012/admin https://us-east-1.quicksight.aws.amazon.com/sn/console/account/123456789012/asset-management ``` **Accounts with IAM multi-account access (account alias is the session differentiator)** ``` https://us-east-1.quicksight.aws.amazon.com/sn/console/account/123456789012-abc123/... ``` Examples: ``` https://us-east-1.quicksight.aws.amazon.com/sn/console/account/123456789012-abc123/admin https://us-east-1.quicksight.aws.amazon.com/sn/console/account/123456789012-abc123/asset-management ``` ## Key considerations and limitations + The URL structures above enable bookmarking of resources within the Amazon Quick account. + You can simultaneously be signed in to different accounts in different tabs or windows in your browser. + The Amazon Quick URL contains your account name. If you change it to another account name, you are prompted to sign in if you aren't already. + You can sign in to up to five accounts. If you try to sign in to a sixth account, the system automatically signs out and forgets the least recently signed in account. + Multi-account sign-in is not supported for IAM users who access Amazon Quick through IAM-based multi-account federation. ## IAM SSO federation with multi-account For more information about setting up identity federation, see [Initiating sign-on from Quick](federated-identities-sp-to-idp.md). ### Service Provider (SP) initiated federation If your account has SSO configuration established in Quick, all login attempts or links that include the account alias provide seamless login. There is no change in behavior for these logins. ### Identity Provider (IdP) initiated federation **Scenarios with no change in behavior:** + If you have enabled IAM multi-account access, all federation links provide seamless login, regardless of whether they include the account alias. + If you have SSO configuration enabled in Quick, all IdP initiated federation or IdP deep links that include the account alias provide seamless login. + If you have never used Quick before or have only ever used one account with Quick and you use IdP federation to access that one account, there is no change in experience. **Scenarios with change in behavior:** When you have one or more saved Quick accounts and access any IdP federation link without an account alias, instead of being taken directly to your account, you land on the Quick saved account login page where you can select your session and be taken to your account. **Recommended configuration:** To ensure seamless IdP federation, include the account alias in all IdP federation links. If you are unable to ensure the account alias in your deep links or you do not have SSO configuration enabled in Quick, include the `sso_login=true` query parameter in your links. Recommended example start federation URL: ``` https://us-east-1.quicksight.aws.amazon.com/sn/account/ACCOUNT-NAME/start/home?sso_login=true ``` If your sign-in process happens automatically and you need to use a different account, use a private or incognito browser window. Doing this prevents the browser from reusing cached settings.