How do I resolve login issues with QuickSight?


I can't log in to Amazon QuickSight.

Short description

The following are common reasons for Amazon QuickSight login issues:

  • The user credentials are incorrect.
  • The AWS Identity and Access Management (IAM) user is deleted.
  • The AWS IAM Identity Center is incorrectly set up, or the configuration changed.
  • A custom namespace is used.
  • The user is authenticated through an external login.
  • The browser data must be cleared.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

The user credentials are incorrect

If you receive the error "Your authentication information is incorrect", then check that you entered the correct account name and username. Both are case sensitive. If you don't know the username, then ask the administrator of the QuickSight account.

If you're the QuickSight account administrator, then use either the QuickSight console or the AWS CLI to check the username.

QuickSight console

Complete the following steps:

  1. Open the QuickSight console.
  2. Choose Manage QuickSight.

AWS CLI

Run the list-users command:

$ aws quicksight list-users --aws-account-id account_id --namespace name_space

Note: Replace account_id with the QuickSight account ID and name_space with your namespace. The default QuickSight namespace name is "default".

If your username is correct, then you might not be an active user. Ask the QuickSight administrator to resend the invitation to set up a new password so that you can log in to the Amazon QuickSight console. If your username is correct and you're an active user, then you might need to change your password. Only QuickSight administrators can reset passwords for active users. Ask the QuickSight administrator to reset the password for you.
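The check described above can be scripted against the JSON that list-users returns. The following is an added example, not code from AWS or from the original article: the function name diagnose_login and the sample users are constructed for illustration, and the field names (UserList, UserName, Active) are those of the list-users response.

```python
import json

# Constructed sample of `aws quicksight list-users` output (not real data).
SAMPLE_OUTPUT = """
{
  "UserList": [
    {"UserName": "Analyst-One", "Email": "analyst1@example.com",
     "Role": "AUTHOR", "IdentityType": "QUICKSIGHT", "Active": true},
    {"UserName": "report.reader", "Email": "reader@example.com",
     "Role": "READER", "IdentityType": "QUICKSIGHT", "Active": false}
  ]
}
"""

def diagnose_login(list_users_json, entered_username):
    """Map an entered username to the next step the article describes.

    Hypothetical helper: returns a (status, advice) tuple.
    """
    users = json.loads(list_users_json).get("UserList", [])

    # QuickSight usernames are case sensitive, so compare exactly first.
    exact = [u for u in users if u["UserName"] == entered_username]
    if exact:
        if not exact[0].get("Active", False):
            return ("inactive", "Ask the administrator to resend the invitation.")
        return ("active", "Ask the administrator to reset the password.")

    # No exact match: look for a registered name that differs only in case.
    near = [u["UserName"] for u in users
            if u["UserName"].lower() == entered_username.lower()]
    if near:
        return ("case_mismatch",
                "Registered as %r; retry with that exact case." % near[0])

    return ("not_found",
            "Check the account name and namespace, then list users again.")

if __name__ == "__main__":
    for name in ("Analyst-One", "analyst-one", "report.reader", "nobody"):
        print(name, "->", diagnose_login(SAMPLE_OUTPUT, name))
```

To use it on a real account, save the output of the list-users command to a file and pass the file contents as the first argument.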

IAM Identity Center is incorrectly set up, or the configuration changed

If your QuickSight account uses IAM Identity Center, then it might be incorrectly set up. For more information about IAM Identity Center setup, see Using external identity federation and single sign-on with Amazon QuickSight. If you use AWS Directory Service for Microsoft Active Directory, then see Using Active Directory with Amazon QuickSight Enterprise edition. Also, see QuickSight SSO with ADFS on the QuickSight Community website.

If IAM Identity Center is correctly set up, then check whether the following configurations changed:

  • IAM Identity Center user attributes
  • IAM role that's associated with SAML setup

If the configuration changed, then delete the user, create a new user, and transfer resource ownership to the new user.

Note: For IAM Identity Center users with usernames that follow the IAM-Role-name/user-email pattern, the username that's internally stored uses IAM-Role-identifier/user-email. If you delete the IAM role and recreate it with the same name, then the primary identifier changes. The user is then no longer accessible. When you transfer resources from the old user to the new user, the new user can access only the resources that the old user created. Shared resources that another user created aren't transferred and must be shared again.

The IAM user is deleted

If a QuickSight IAM user is no longer part of the AWS account or moved to an IAM role, then a password reset doesn't work. To resolve this issue, delete the old IAM user, create a new IAM user, and transfer resource ownership to the new user.

A custom namespace is used

Custom namespaces are accessible only to federated IAM Identity Center users. If you use password-based or credential-based Active Directory logins, then you must use the default namespace. For more information about namespaces, see Supporting multitenancy with isolated namespaces.

The user is authenticated through an external login

You receive the error "The external login used for federation is unauthorized for the QuickSight user". If users use the AssumeRoleWithWebIdentity API to federate in to QuickSight, then QuickSight maps a single role-based user to a single external login. The user might be authenticated through an external login that's different from the originally mapped user. To resolve this issue, see Individuals in my organization get an "External Login is Unauthorized" message when they try to access Amazon QuickSight.

The browser data must be cleared

If none of the preceding resolutions resolve your login issue, then clear your browser data. First, use a different browser to try to log in to QuickSight. If you can log in with no issues, then clear the data from the browser that you normally use, and try to log in again.

Related information

My email sign-in stopped working

Signing in to Amazon QuickSight

Amazon QuickSight isn't working in my browser

AWS OFFICIAL
Updated 2 days ago