How do I resolve login issues with QuickSight?

Last updated: 2022-07-28

I'm having trouble logging in to Amazon QuickSight. How do I resolve this issue?

Short description

The following are common reasons for Amazon QuickSight login issues:

  • The user credentials are invalid.
  • The AWS Identity and Access Management (IAM) user is deleted.
  • AWS IAM Identity Center (successor to AWS Single Sign-On) is incorrectly set up, or the configuration changed.
  • A custom namespace is used.
  • The user is authenticated through an external login.
  • The browsing data needs clearing.

Resolution

If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

The user credentials are invalid

If you receive the error Your authentication information is incorrect, then check that you entered the correct account name and user name. Both are case sensitive. If you don't know the user name, then ask the administrator of the QuickSight account.

If you're the QuickSight account administrator, then complete the following steps to check the user name:

Using the Amazon QuickSight console

  1. Open the Amazon QuickSight console.
  2. Choose Manage QuickSight.

Using the AWS CLI

Run the following command:

$ aws quicksight  list-users --aws-account-id account_id --namespace name_space

Note: Replace account_id with the QuickSight account ID and name_space with your namespace.

If your user name is correct, then you might not be an active user. Ask the QuickSight administrator to resend the invitation to set up a new password to log in to the Amazon QuickSight console. If your user name is correct and you are an active user, then you might need to change your password. Only QuickSight administrators can reset passwords for active users. Ask the QuickSight administrator to reset the password for you.

IAM Identity Center is incorrectly set up or configured

If your QuickSight account uses IAM Identity Center, then it might be incorrectly set up. For more information on IAM Identity Center setup, see Using identity federation and single sign-on (SSO) with Amazon QuickSight. If you use AWS Directory Service for Microsoft Active Directory, then see Using Active Directory with Amazon QuickSight Enterprise edition and QuickSight SSO with ADFS (from the QuickSight Learning Center).

If IAM Identity Center is correctly set up, then check whether the configurations changed for the following:

  • IAM Identity Center user attributes
  • IAM role that's associated with SAML setup

If the configuration changed, then delete the user, create a new user, and transfer resource ownership to the new user.

Note: For IAM Identity Center users with user names that follow the IAM-Role-name/user-email pattern, the user name that's stored internally uses IAM-Role-identifier/user-email. If you delete the IAM role and recreate it with the same name, the underlying identifier changes. The user is then no longer accessible. Also, when you transfer resources from the old user to the new user, the new user can access only the resources that the old user created. Shared resources that are created by another user aren't transferred and must be shared again.

The IAM user is deleted

If a QuickSight IAM user is no longer part of the AWS account or moved to an IAM role, then resetting the password doesn't work. To resolve this issue, delete the old IAM user, create a new IAM user, and transfer resource ownership to the new user.

A custom namespace is used

Custom namespaces are accessible only to federated IAM Identity Center users. If you use password-based or credential-based Active Directory logins, then you must use the default namespace. For more information on namespaces, see Supporting multitenancy with isolated namespaces.

The user is authenticated through an external login

You receive the error The external login used for federation is unauthorized for the QuickSight user. For users that federate in to QuickSight using AssumeRoleWithWebIdentity, QuickSight maps a single role-based user to a single external login. The user might be authenticated through an external login that's different from the originally mapped user. To resolve this issue, see Individuals in my organization get an "External Login is Unauthorized" message when they try to access Amazon QuickSight.

The browsing data needs clearing

If none of the preceding scenarios relate to yours, then clearing your browsing data might work for you. First, try to log in to QuickSight using a different browser. If you can log in with no issues, then clear the browsing data from the browser you normally use, and try to log in again.