Setting up Quicksight Multi Account SSO

0

Hi,

I have a requirement to provide access to QuickSight in multiple AWS accounts via SSO using Google Workspace. I found this guide -> https://aws.amazon.com/blogs/big-data/enable-amazon-quicksight-federation-with-google-workspace/ and was able to successfully configure SSO for one of the accounts.

I would like to know what the process is for configuring SSO for multiple accounts. Can I follow the same guide and repeat the process on each of the accounts, or is there another option like AWS Identity Center to consolidate all this?

Any guidance on this is greatly appreciated.

1 Answer
0
Accepted Answer

Using IAM Identity Center as a centralized user identity store would be the recommended approach, as it can scale to fit a multi-account approach.

With IAM Identity Center, you can define and assign access across multiple AWS accounts. For example, permission sets create IAM roles and apply IAM policies in multiple AWS accounts, helping to scale the access of your users securely and consistently. When you assign a permission set, IAM Identity Center creates corresponding IAM Identity Center-controlled IAM roles in each account, and attaches the policies specified in the permission set to those roles, which will be used by your federated users.

Kindly refer to this blog for additional information on IAM Identity Center: https://aws.amazon.com/blogs/security/scale-your-workforce-access-management-with-aws-iam-identity-center-previously-known-as-aws-sso/

Kindly use the following guides to implement your solution:

  1. Create an AWS Organization and add relevant member accounts: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tutorials_basic.html

  2. Use Google Workspace as an external identity provider for AWS IAM Identity Center: https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/

  3. Link AWS Identity Center to Amazon Quicksight (using permission set approach): https://docs.aws.amazon.com/prescriptive-guidance/latest/quicksight-access-approach/iam-identity-center.html

  4. Dashboards in Amazon QuickSight can be co-owned by AWS Identity Center users once the two services are linked (from step above): https://docs.aws.amazon.com/quicksight/latest/user/share-a-dashboard-grant-access-users.html

Hope this helps.

AWS
answered 10 months ago
  • Thank you, this cleared up things
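
The permission-set model described in the answer, as an added example that is not part of the original post or of any AWS guide: one inline policy attached to an existing permission set, then the same permission set assigned to one Identity Center group in several accounts. The ARNs, group ID, account IDs and the choice of a reader-only policy are constructed assumptions; the script only prints the AWS CLI calls unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example. Every ARN, ID and account number here is a constructed placeholder.
INSTANCE_ARN="arn:aws:sso:::instance/ssoins-EXAMPLE"
PERMISSION_SET_ARN="arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-EXAMPLE"
GROUP_ID="00000000-0000-0000-0000-000000000000"    # group synced from Google Workspace (assumed)
ACCOUNTS="111111111111 222222222222 333333333333"  # member accounts that run QuickSight (assumed)

# Least-privilege inline policy: the federated user may only self-provision as a
# QuickSight reader. The account field is a wildcard because the same permission
# set is deployed into every target account.
reader_policy() {
  cat <<'JSON'
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"quicksight:CreateReader","Resource":"arn:aws:quicksight::*:user/${aws:userid}"}]}
JSON
}

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only 12-digit AWS account IDs.
valid_account() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# Attach the policy once, then assign the permission set to the group per account.
plan_assignments() {
  run aws sso-admin put-inline-policy-to-permission-set \
    --instance-arn "$INSTANCE_ARN" --permission-set-arn "$PERMISSION_SET_ARN" \
    --inline-policy "$(reader_policy)" || return 1
  for acct in $ACCOUNTS; do
    valid_account "$acct" || { echo "invalid account id: $acct" >&2; return 1; }
    run aws sso-admin create-account-assignment \
      --instance-arn "$INSTANCE_ARN" --permission-set-arn "$PERMISSION_SET_ARN" \
      --target-type AWS_ACCOUNT --target-id "$acct" \
      --principal-type GROUP --principal-id "$GROUP_ID" || return 1
  done
}

plan_assignments
```

Assigning to a group rather than to individual users keeps access reviews in one place: removing someone from the Google Workspace group removes their access in every account.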
