Posted On: Dec 18, 2023

Amazon Redshift customers can now use the identities in their identity provider (IdP), such as Microsoft Entra ID, Okta, Ping, OneLogin, etc., to access Amazon Redshift in a single sign-on experience from Amazon QuickSight or Amazon Redshift Query Editor. Administrators can manage fine-grained access to data in Redshift using the users and groups in the organization's IdP, and can audit user access in AWS CloudTrail.

Amazon QuickSight, Amazon Redshift, and AWS Lake Formation use the trusted identity propagation feature of AWS IAM Identity Center to pass user identities seamlessly, reducing time to insights and enabling a friction-free analytics experience. For example, the identity of a user accessing a dashboard in QuickSight is propagated to Redshift, where fine-grained data permissions are applied to the data before it is presented back to the user. Data lake admins can use Lake Formation to manage permissions on data lake or data sharing consumer tables for specific users and groups in an IdP. End users' access and actions are authorized based on their user and/or group membership. You can also audit the data and resource usage throughout the lifecycle of the user session across these services.

This feature is available in the AWS Regions where Amazon Redshift, Amazon QuickSight, AWS Lake Formation, and IAM Identity Center are available. To get started, visit our documentation.