Posted On: May 25, 2017

Starting today, Amazon QuickSight customers can use Federated Single Sign-On (SSO) using SAML 2.0 to access QuickSight. This allows users to sign in to their Identity Provider portals with existing credentials and then access QuickSight with a single click, without having to enter any QuickSight-specific account names or passwords.

With Federated SSO and QuickSight’s new permissions-based just-in-time user provisioning capabilities, AWS administrators can use their existing identity management mechanisms to enable QuickSight access for their users. Once the required permissions are in place, users can onboard themselves to QuickSight without any additional administrator intervention.

Federated SSO also allows administrators to impose additional security controls on QuickSight access through the Identity Provider portal depending on access location, device used, or other criteria. This allows for compliance with corporate data access policies and for additional safeguards when handling sensitive data in QuickSight. Federated SSO can be enabled via any SAML 2.0 compliant Identity Provider such as Microsoft Active Directory Federation Services, Okta, Ping Identity, and Shibboleth.

Federated SSO using SAML 2.0 is now available for QuickSight Standard Edition, with support for Enterprise Edition coming shortly. This feature is now available in all QuickSight regions – US East (N. Virginia and Ohio), US West (Oregon) and EU (Ireland).

To learn more about how you can enable this in your organization, see the latest Big Data blog post on QuickSight.