I am in the process of building a BI dashboard using Amazon QuickSight. Originally, we were only using IAM log in credentials to access the dashboard through the console but after some thought, we decided to change to active directory to give easier access to the many stakeholders who will be using the product. Switching to active directory forced us to create a new subscription for QuickSight.
While setting up our second subscription, we selected to use active directory with the option to also access using IAM roles. The idea being that the data science team would use IAM login and stakeholders would use active directory. However, when we switched to subscriptions, all of our IAM log ins no longer would work, only active directory log in would. We contacted AWS support and to our surprise, the representative acknowledged that there is an option to use both IAM and active directory, but he personally did not think that it was actually possible. This is a major issue for us and we are now contemplating resubscribing and just using IAM again.
My question to the community is: does anyone out there use QuickSight and have their dashboards set up with both IAM and active directory login? We cannot believe that AWS would advertise being able to do both, only to be told that no one knows how to do it. Is there anyone out there that works at a company that has a set up like this?
Any feedback is greatly appreciated.
If you subscribe QuickSight with an active directory, you cannot use an IAM user or assume-role session to log in the product to access the dashboards or other assets. For an AD account, an IAM user with necessary permissions can only access the QuickSight console pages to manage the account settings, such as role-group mapping and unsubscription.