Post Syndicated from Jose Kunnackal original https://aws.amazon.com/blogs/big-data/amazon-quicksight-2021-in-review/

With AWS re:Invent just around the corner, we at the Amazon QuickSight team have put together this post to provide you with a handy list of all the key updates this year. We’ve broken this post into three key sections: insights for every user, embedded analytics with QuickSight, scaling and governance.

Insights for every user

Amazon QuickSight allows every user in the organization to get a better understanding of data – through simple natural language questions and interactive dashboards for end-users, or ML-powered data exploration for business analysts. Developers can add embedded visualizations, dashboards, and Q to their apps to differentiate and enhance user experiences. Let’s take a look at the new experiences and features that you can deploy to your users from our 2021 updates.

Amazon QuickSight Q for true self-service for end-users

Earlier this year, Amazon QuickSight Q became generally available, making machine learning (ML) powered Q&A available for end-users to simply ask questions of their data—no training or preparation needed. End-users can go beyond what is presented in the dashboard with Q, avoiding the typical back-and-forth exchanges between the end-user and business intelligence (BI) teams, and the often weeks-long wait associated with adding a new dashboard or visual. It also allows end-users to more intuitively understand data, without having to interpret different visualizations, or understand filters or other elements in a traditional BI dashboard.

For example, a sales manager can simply ask the question “What were monthly sales in California this year?” to get a response from Q. To go deeper, they could follow up with “Who were the top five customers by sales in California?” Q presents a visual response to the user, no manual changes or analysis needed. Q can also be embedded into applications, allowing developers to augment and differentiate their application’s experiences. For more information on Q and how to get started, see Amazon QuickSight Q – Business Intelligence Using Natural Language Questions.

Free-form layouts, new chart types, and much more for pixel-perfect, interactive dashboards

Authors of QuickSight dashboards can now use the new free-form layout, which allows precise placement and sizing of dashboard components, overlay of charts and images, and conditional rendering of elements based on parameters. The combination of these features, along with granular customization options now available across charts (such as hiding grid lines, axis labels, and more) allow dashboards in QuickSight to be highly tailored to specific use cases or designs. The following screenshots show examples of customized dashboards using the free-form layout.

Authors can also use new visual types in QuickSight, such as the dual axis line chart and Sankey, to quickly add new ways of presenting data in dashboards. Sankey charts in particular have been very popular among QuickSight users, allowing visualization of cash flows, process steps, or visitor flows on a website—without having to extensively customize charts or license external plug-ins. We also added the option to add custom web components in dashboards, which allows you to embed images, videos, web pages, or external apps. When combined with the ability to pass parameter values into the custom components, this provides dashboard authors with a very broad set of creative possibilities.

The screenshot below shows an example of dual axis line chart (on the left) where high and volume metrics are mapped on two different scales within the same chart.

The screenshot below shows a Sankey chart showing consumption modes and channels for different energy sources.

The following screenshot shows an example of embedded web content (physical store navigation by different transit modes) within a QuickSight dashboard.

Tables and pivot tables have also received a broad set of updates, allowing authors to customize these extensively to meet organizational design standards, with new features allowing you to do the following:

• Increase row height
• Wrap text
• Vertically align content
• Customize background color, font color, borders, grid lines, and banding
• Style and highlight your totals and subtotals
• Style and hyperlink content to external resources
• Add images within table cells

The following screenshot shows a customized table visual with links, images, font color, borders, grid lines, banding, text wrap, and custom row height.

The following screenshot shows a pivot table with custom styling for totals and sub-totals.

For deeper analytical exploration of data, we’ve enabled custom sorting of content in visualizations and pivot tables to allow well-defined presentation of content. Custom tooltips allow dashboard authors to add additional context beyond what’s readily available from the visual data on screen. You can now use parameters to dynamically populate titles and subtitles of visuals in dashboards. Time data can be aggregated to seconds, which is helpful for Internet of Things (IoT) and industrial use cases, and filters now allow exclusion of time fields completely to support business-facing use cases where day/month/year are the primary factors.

In filters, we’ve added wildcard search for faster filters for authors and end-users, multi-line filters to allow multiple values to be easily pasted for filtering, and an update to the relative date control to allow readers to select a custom date range over a relative period that has been selected besides selecting time period relative to today.

Consume and collaborate on dashboards

For easier collaboration within an organization, QuickSight now supports 1-click embedding of dashboards in wikis, SharePoint, Google sites, and more, requiring zero development efforts. This makes embedding dashboards as easy as embedding your favorite music video. We’ve also introduced link-based sharing of dashboards, which means that if desired, you can share a dashboard with all users in your organization without having to enable specific users or groups individually.

Threshold-based alerts in QuickSight allow dashboard readers to be notified when specific thresholds are breached by KPIs in a dashboard. Together with available ML-powered automated anomaly alerts, this allows readers to set up notification mechanisms when there are important expected or unexpected changes in data.

This year, we also launched the ability to share a view of a QuickSight dashboard, which allows readers to generate and provide a unique URL to others that captures the state of their filters. This allows for easy discussions around the shared view of data.

For offline access, readers can now receive PDF snapshots of their data, personalized to their specific roles and use cases. Authors set this up using the new personalized email reports feature, allowing unique emails to be sent to thousands of users at a predefined interval, each showing the end-user’s specific view of the data.

Create a reusable data architecture

Whether in a large organization or in a developer setting, creating and reusing datasets plays a significant role in ensuring that shared interpretations of data across the organization are accurate. To support this, QuickSight introduced dataset as a source, a new feature that allows a QuickSight dataset to be a source for creating another dataset. This creates a data lineage across the datasets. Updates related to calculated fields, data refreshes, row-level security, and column-level security can be configured to automatically propagate to datasets, providing a powerful data management tool. For more information, see Creating a Dataset Using an Existing Dataset in Amazon QuickSight.

As part of the logical information contained in the dataset, you can now create field folders to group fields, add metadata to fields, or include aggregate calculations in your dataset, which allows standardized calculations to be predefined and shared for easy inclusion in dashboards by authors.

Datasets are now also versioned, allowing authors and data owners to quickly switch from one version to another, with no API calls or changes needed.

The screenshot below shows an example of version/publishing history of dataset from the preparation screen.

Lastly, QuickSight continues to add to existing live analytics options across Amazon Redshift, Snowflake, SQL Server, Oracle, and other data warehouses with the addition of Exasol. This allows authors a range of options in exploring PB-scale datasets directly from the cloud.

Embed insights into apps

Customers such as 3M, Bolt, Blackboard, NFL, Comcast, and Panasonic Avionics use QuickSight for embedded analytics that serve their customers and partners, saving months and years of development and ongoing maintenance time that would otherwise be needed to create a rich analytics layer in their products. QuickSight also lets customers introduce the latest advancements in BI such as ML-powered Insights and Natural Language Querying in end-user facing applications.

Getting started with embedded dashboards for proofs of concept in software as a service (SaaS) app integrations now only takes minutes, with our new 1-click embedding option. For deeper app integration with transparent authentication, we support server-side calls to QuickSight for embedding, including a new tag-based row-level security option so you can easily add non-modifiable filters to your dashboard. This means that you can embed a multi-tenant embedded dashboard for hundreds of thousands of users without all the heavy lifting needed to duplicate and manage these users in QuickSight or another BI product.

Developers now also have the powerful differentiator of Q as part of QuickSight’s embedded feature set. Q can be embedded into applications, allowing end-users to simply ask questions of data, along with shared context of insights provided through embedded QuickSight dashboards in the app. Some sample embedded dashboards are available on DemoCentral.

For developers and independent software vendors looking to consolidate their interactive dashboards and email reports in QuickSight, we also introduced the ability to customize email reports. This allows customization of the from address, logo, background color, and footer in the email, as shown in the following screenshot.

When combined with the existing functionality of embedding the QuickSight authoring experience, QuickSight now provides developers with a strong suite of embedded analytics capabilities ranging from embedded interactive dashboards, embedded ML-powered Q&A with Q, embedded authoring, and customized email reports.

Scaling and governance

The fully managed, cloud-native architecture of QuickSight has been a delighter for our broad customer base—no servers or nodes to set up, no software updates or patches to manage, and absolutely no infrastructure to think about.

SPICE, the in-memory calculation engine in QuickSight, has been a key pillar of this serverless architecture, allowing data to scale from tens of users to hundreds of thousands without any customer intervention. We have doubled our SPICE data limits to 500 million rows of data per dataset, and now support incremental data refreshes for SQL-based data sources, such as Amazon Redshift, Amazon Athena, PostgreSQL, or Snowflake every 15 minutes, which cuts down time between data updates by 75%. Incremental refreshes also update SPICE datasets in a fraction of the time a full refresh would take, enabling access to the most recent insights much sooner.

This year, we introduced multiple simplifications and security mechanisms as you create your QuickSight account. Administrators signing up to QuickSight can pick from an existing role in their AWS account instead of QuickSight creating a custom service role for the account. This allows you to set up your own role for a group of codependent AWS services and QuickSight that you want to work together.

Admins can now use service control policies (SCPs) to control QuickSight sign-up options within your organization. For example, admins can set up service control policies that deny sign-ups for QuickSight Standard Edition and turn off the ability to invite any users other than those possible via federated single sign-on (SSO).

Admins can also set up QuickSight with SSO such that email addresses for end-users are automatically synced at first-time login, avoiding any manual errors during entry, and preventing use of personal email addresses. See Secure and simplify account setup and access management with new Amazon QuickSight administrative controls to learn more.

QuickSight admins can now also enforce source IP restrictions on access to the QuickSight UI, mobile app, as well as embedded pages. This allows you to secure your data within QuickSight and only keep it for trusted sources to access. See Use IP restrictions to control access to Amazon QuickSight to learn more.

Lastly, adding to our existing certifications (SOC, PCI, HIPAA, and more), we’re now FedRamp High compliant in US GovCloud (West), providing government workloads with the same serverless benefits that our customers have enjoyed.

Conclusion

QuickSight serves millions of dashboard views weekly, enabling data-driven decision-making in organizations of all sizes. Best Western Hotels and Resorts use QuickSight to improve operations worldwide, and provides hotel operators with a real-time look at key metrics that are critical to the business, with over 23,000 users of QuickSight. True Blue, a company focused on specialized workforce solutions, including staffing, talent management, and recruitment process outsourcing, uses QuickSight to deliver more accurate pricing and grow their business across over 500 locations. Vyaire Medical, a global company focused on breathing in every stage of life, used QuickSight to scale up production of ventilators by 20 times during the COVID-19 pandemic. Accelo, a leading cloud-based platform for managing client work from prospect to payment for professional services companies, chose QuickSight to provide embedded analytics to their end-users within their web application.

The features we discussed in this post provide a key summary of the changes over this year that have helped accelerate these and other customers adopt QuickSight.

At re:Invent 2021, you will hear from the NFL—the world’s biggest sports league—about how QuickSight powers their Next Gen Stats portal and provides the NFL clubs, broadcasters, and researchers with real-time and historical stats. You’ll also learn and how Q will revolutionize how data is consumed.

On the embedded analytics front, we will have 3M, a pioneer in global healthcare, and Bolt, which is redefining the online checkout space for millions of users, speak about how QuickSight powers analytics for their end-users and lets them scale to all of their users without any infrastructure overheads.

We also have Accenture and Amazon’s own finance team speaking about how QuickSight allows them to move away from legacy BI to a cloud-native future, while providing the governance and compliance needs typical in the finance world.

This year, you can simply register for re:Invent online and view these sessions from the comfort of your chair. We look forward to connecting with you at re:Invent, whether in-person at our booth and sessions or virtually, and as always look forward to your feedback.

About the Author

Jose Kunnackal, is a principal product manager for Amazon QuickSight, AWS’ cloud-native, fully managed BI service. Jose started his career with Motorola, writing software for telecom and first responder systems. Later he was Director of Engineering at Trilibis Mobile, where he built a SaaS mobile web platform using AWS services. Jose is excited by the potential of cloud technologies and looks forward to helping customers with their transition to the cloud.

Sahitya Pandiri is a technical program manager with Amazon Web Services.

Post Syndicated from Shailesh Chauhan original https://aws.amazon.com/blogs/big-data/iterate-confidently-on-amazon-quicksight-datasets-with-new-dataset-versions-capability/

Amazon QuickSight allows data owners and authors to create and model their data in QuickSight using datasets, which contain logical and semantic information about the data. Datasets can be created from a single or multiple data sources, and can be shared across the organization with strong controls around data access (object/row/column level security) and metadata included, and can be programmatically created or modified. QuickSight now supports dataset versioning, which allows dataset owners to see how a dataset has progressed, preview a version, or revert back to a stable working version in case something goes wrong. Dataset Versions gives you the confidence to experiment with your content, knowing that your older versions are available and you can easily revert back to it, if needed. For more details, see Dataset Versions.

In this post, we look at a use case of an author editing a dataset and how QuickSight makes it easy to iterate on your dataset definitions.

What is Dataset Versions?

Previously, changes made to a dataset weren’t tracked. Dataset authors would often make a change that would break the underlying dashboards, and they were often worried about the changes made to the dataset definitions. Dataset authors spent time figuring out how to fix the dataset, which could take significant time.

With Dataset Versions, each publish event associated with the dataset is tracked. Dataset authors can review previous versions of the dataset and how dataset has progressed. Each time someone publishes a dataset, QuickSight creates a new version, which becomes the active version. It makes the previous version the most recent version in the version list. With Dataset Versions, authors can restore back to a previous version if they encounter any issue with the current version.

To help you understand versions better, let’s take the following scenario. Imagine you have a dataset and have iterated on it by making changes over time. You have multiple dashboards based on this dataset. You just added a new table called regions to this dataset. QuickSight saves a new version, and dashboards dependent on it the dataset break due to the addition of this table. You realize that you added the wrong table—you were supposed to add the stateandcity table instead. Let’s see how the Dataset Versions feature comes to your rescue.

Access versions

To access your dataset versions, choose the Manage menu and Publishing History on the data prep page of the dataset.

A panel opens on the right for you to see all the versions. In the following screenshot, the current active version of the dataset is version 38—published on November 10, 2021. This is the version that is breaking your dependent dashboards.

See publishing history

As you make changes to the dataset and publish the changes, QuickSight creates a timeline of all the publishes. You see the publishing history with all the events tracked as a tile. You can choose the tile to preview a particular version and see the respective dataset definition at that time. You know that the dataset was working fine on October 18, 2021 (the previous version), and you choose Preview to verify the dataset definition.

Revert back

After you confirm the dataset definition, choose Revert to go back the previous stable version (published on October 18, 2021). QuickSight asks you to confirm, and you choose Publish. The dataset reverts back to the old working definition and the dependent dashboards are fixed.

Start a new version

Alternatively, as you’re previewing the previously published good version (version 37, published October 18, 2021), you can start fresh from that version. The previous version just had the retail_sales_new table, and you can add the correct table stateandcity to the dataset definition. When you choose Publish, a new version (version 39) is created, and all the dashboards have this new working version, thereby fixing them.

Conclusion

This post showed how the new Dataset Versions feature in QuickSight helps you easily iterate on your datasets, showing you how a dataset has progressed over time and allowing you to revert back to a specific version. Dataset Versions gives you the freedom to experiment with your content, knowing that your older versions are available and you can revert back to them, if required. Dataset Versions is now generally available in QuickSight Standard and Enterprise Editions in all QuickSight Regions. For further details, visit see Dataset Versions.

About the Authors

Shailesh Chauhan is a product manager for Amazon QuickSight, AWS’s cloud-native, fully managed SaaS BI service. Before QuickSight, Shailesh was global product lead at Uber for all data applications built from the ground up. Earlier, he was a founding team member at ThoughtSpot, where he created world’s first analytics search engine. Shailesh is passionate about building meaningful and impactful products from scratch. He looks forward to helping customers while working with people with a great mind and big heart.

Mayank Jain is a Software Development Manager at Amazon QuickSight. He leads the data preparation team that delivers an enterprise-ready platform to transform, define and organize data. Before QuickSight, he was Senior Software Engineer at Microsoft Bing where he developed core search experiences. Mayank is passionate about solving complex problems with simplistic user experience that can empower customer to be more productive.

Post Syndicated from Kareem Syed-Mohammed original https://aws.amazon.com/blogs/big-data/embed-interactive-dashboards-in-your-apps-and-portals-in-minutes-with-amazon-quicksights-new-1-click-embedding-feature/

Amazon QuickSight is a fully-managed, cloud-native business intelligence (BI) service that makes it easy to connect to your data, create interactive dashboards, and share these with tens of thousands of users, either directly within a QuickSight application, or embedded in web apps and portals.

QuickSight Enterprise Edition now supports 1-click embedding, a feature that allows you to embed rich, interactive dashboards in apps, wikis, and portals without needing to call embedding APIs. Authorized end-users can start accessing these dashboards instantly, without any server deployments or infrastructure licensing needed! 1-click embedding allows you to enable your users with insights in minutes.

In this post, we discuss the steps to implement this solution, the end-user experience, and a sample use case.

Solution overview

To implement the solution, we will walk through the following steps:

1. Enable permissions on the dashboard (through the UI or API).
2. Allow list the domain where you want to embed the dashboard in QuickSight.
3. Embed the dashboard.

Step 1: Enable permissions on the dashboard

After you create a QuickSight dashboard, to enable access, open the dashboard and on the top right choose the share icon and choose Share dashboard.

This opens the share screen. By default, a dashboard in QuickSight isn’t shared with anyone and is only accessible to the owner. In the following screenshot, the dashboard is shared with (and therefore accessible by) admin-user1 (the owner of the dashboard).

You can search for individual users or groups in your account that you want to share this dashboard with. For example, see the following screenshot.

In this example, the owner of the dashboard searches for a user whose email starts with son, which returns three options. The listed users can be authors or readers in the account. When you choose ADD next to every search result, based on the role (author or reader), you can select the permission level (viewer or co-owner) and add the user to access the dashboard. Authors can be added to this dashboard as viewers or co-owners. Viewers can view, export, and print a dashboard. Co-owners can do all actions that viewers can do and can also edit, delete, or share the dashboard, or build new dashboards from this dashboard. Readers can be added only as viewers. Dashboard owners can similarly search for and add groups to access the dashboard.

The following screenshot shows all the added users with whom we want to share this dashboard.

You can also enable all users on your QuickSight account to access the dashboard by enabling access to Everyone in this account, as shown in the following screenshot.

When this option is enabled, users who haven’t been added explicitly to access the dashboard can now access the dashboard via the link available via the Copy option (available on the top of the Share dashboard page) or when embedded. To revoke this account-wide dashboard access to everyone on your account, you disable the same toggle.

Also, when this option is enabled, owners have the option to enable the dashboard to show this dashboard in all users’ QuickSight accounts, as shown in the following screenshot. Enabling this option ensures that the dashboard is visible in the Dashboards list for every user in the account. If this is disabled, they can still access the dashboard if they have the link, or if it’s embedded, but they can’t see it in their list of dashboards on the home screen.

Step 2: Allow list the embedding domain

The domain where the dashboard is to be embedded must be allow listed in QuickSight. For instructions, see Adding Domains for Embedded Users.

Step 3: Embed the dashboard

After you set your desired access to the dashboard, you can choose Copy embed code, which copies the embed code for that dashboard. This code embeds the dashboard when added to the internal application.

The copied embed code is similar to the following code (the QuickSight domain is the URL you use to access your QuickSight account):

    <iframe
        width="960"
        height="720"
        src="https://quicksightdomain/sn/embed/share/accounts/
        <accountid>/dashboards/<dashboardid>">
    </iframe>

Embed a dashboard in an HTML page

To embed the dashboard in an HTML page, open the HTML of the page where you want to embed the dashboard and enter the copied embed code into the HTML code.

Now, let’s look at some common embedding scenarios in an organization.

Embed a dashboard in a Google site

If you have your internal applications built on Google sites, to embed your dashboard, open the page on Google site, and choose Insert and Embed. A pop-up window appears with a prompt to enter a URL or embed code. Choose Embed code and enter the copied embed code in the text box.

Make sure to allow list the following domains in QuickSight when embedding in Google sites https://googleusercontent.com (enable subdomains), https://www.gstatic.com and https://sites.google.com.

Embed a dashboard in a SharePoint site

You can embed a dashboard when you’re creating a SharePoint site (template type Publishing). Choose New to create a new page.

On the Insert ribbon, choose Embed Code.

In the pop-up that opens, insert the embed code that you copied.

If you’re embedding dashboards in software as a service (SaaS) apps or portals that have their own authentication schemes, you can continue using these and seamlessly serve dashboard to the users. For more information, see Embed multi-tenant dashboards in SaaS apps using Amazon QuickSight without provisioning or managing users.

End-user experience

After you embed the dashboard in your application, users that you enabled earlier can access it. In this section, we walk through the user experience with and without single sign-on (SSO) integration with QuickSight.

Experience when QuickSight has SSO integration enabled

When SSO is enabled, when users access the application, they are single signed-on to QuickSight and aren’t presented with the authentication pop-up. If users have access to the dashboard, they see the data on the dashboard and can interact with it. If they don’t have access to the dashboard, they see a message that they’re not authorized to view the dashboard.

In the following screenshot, the user is authenticated with SSO and sees the dashboard.

You can set up SP-initiated SSO if you’re using an existing identity provider (IdP) such as Ping, Okta, or Azure AD. To learn more about enabling SSO on QuickSight, see Using Identity Federation and Single Sign-on (SSO) with Amazon QuickSight and Federate Amazon QuickSight access with Okta.

Experience when QuickSight doesn’t have SSO integration enabled

Without SSO integration, when end-users access the application, they see the embedded dashboard (requiring authentication) along with a pop-up to authenticate into QuickSight. After users enter their QuickSight credentials, the pop-up closes and the dashboard is loaded on the application. If the user has access to the dashboard, they see the data on the dashboard and can interact with it.

The following screenshot shows a dashboard that is embedded in an internal SharePoint site that tracks weekly shipped orders, and users are asked to authenticate.

The following is the pop-up to authenticate.

Use case

In this section, we explore an example use case of a small enterprise, a shoe retailer named WonderShoes. They have recently ventured into telecommerce (selling via phone channel) and have set up call centers in their company to take customer calls from those who are interested in buying shoes.

They’re embedding a dashboard in their internal site that tracks the call volume, other call-related metrics, and sales metrics that they measure on daily business. They have built out a dashboard and enabled all their internal users to be able to access this dashboard. With the 1-click embed feature, they have embedded the following embed code in their internal application’s page:

<iframe
        width="800" 
        height="600" 
        src="https://us-east-1.quicksight.aws.amazon.com/sn/embed/share/
        accounts/ACCOUNTID/dashboards/DASHBOARDID> 
</iframe> 

The following screenshot shows their internal application with the embedded dashboard and authentication prompt.

Users are authenticated and then can see the dashboard. If they come back to the site with valid authentication cookies, they can see the dashboard without needing to authenticate again.

This feature enabled WonderShoes to embed their dashboard quickly and have all their internal employees access the embedded dashboard. They can now gather rich insights and make quick data-driven business decisions to grow their new telecommerce business division.

Conclusion

With 1-click enterprise embedding, enterprises can now embed rich and interactive QuickSight dashboards quickly and easily. This enables you to share important metrics and data insights with all users in your account with a click of a button – all without any infrastructure setup or management while scaling to millions of users. QuickSight also supports embedding in SaaS apps without any user management needed. To learn more about this, read this blogpost.

For more updates about QuickSight embedded analytics, see What’s New in the Amazon QuickSight User Guide.

About the Authors

Kareem Syed-Mohammed is a Product Manager at Amazon QuickSight. He focuses on embedded analytics, APIs, and developer experience. Prior to QuickSight he has been with AWS Marketplace and Amazon retail as a PM. Kareem started his career as a developer and then PM for call center technologies, Local Expert and Ads for Expedia. He worked as a consultant with McKinsey and Company for a short while.

Kenz Shane is a UI Designer for Amazon QuickSight. As part of the product’s Business Intelligence User Experience (BIUX) team, she specializes in creating customer-focused visual interfaces. Previously, she worked with the Experience Innovation Group at Dell, serving as a subject matter expert in enterprise-grade user interface (UI) design, accessible data visualization, and design systems. Kenz has provided art direction and design for clients across multiple industries, including Nordstrom, Columbia Hospitality, AIGA, and Warner Bros.

Raji Sivasubramaniam is a Specialist Solutions Architect at AWS, focusing on Analytics. Raji has 20 years of experience in architecting end-to-end Enterprise Data Management, Business Intelligence and Analytics solutions for Fortune 500 and Fortune 100 companies across the globe. She has in-depth experience in integrated healthcare data and analytics with wide variety of healthcare datasets including managed market, physician targeting and patient analytics. In her spare time, Raji enjoys hiking, yoga and gardening.

Srikanth Baheti is a Specialized World Wide Sr. Solution Architect for Amazon QuickSight. He started his career as a consultant and worked for multiple private and government organizations. Later he worked for PerkinElmer Health and Sciences & eResearch Technology Inc, where he was responsible for designing and developing high traffic web applications, highly scalable and maintainable data pipelines for reporting platforms using AWS services and Serverless computing.-

Post Syndicated from Sahitya Pandiri original https://aws.amazon.com/blogs/big-data/send-personalized-email-reports-with-amazon-quicksight/

Amazon QuickSight now supports personalization of email reports by user, which allows you to send customized snapshots of data in either PDF or image formats. This allows you to create a single dashboard that you can configure to load with different defaults for each user, providing a customized view of the dashboard in both email and interactive formats. In this post, we walk you through how to roll out customized daily, weekly, or monthly reports for thousands of users – without any servers to set up or manage.

Solution overview

QuickSight supports personalized emails via row-level or column-level security, or dynamic defaults for parameters. You can use row-level or column-level security when you want to restrict data available on dashboards by user, and only present data that they are authorized to see. Dynamic defaults, on the other hand, allow users to access all the data but make sure that each user gets a personalized view without data restrictions if they wish to browse other views of the data.

When used with emails, both models allow you to provide personalized email reports for each user. Dynamic defaults, however, also allow you to handle conditional rendering of visuals using parameter settings that allow you to personalize dashboards and email reports by the user by showing and hiding visuals as needed.

Let’s start with the following example dashboard, which shows sales insights and trends across different segments, categories, and states for any given date.

This dashboard is built with the new free-form layout that allows you to build pixel-perfect dashboards. You can define visual placement with X and Y coordinates, define height and width of visuals at the pixel level, and overlay visuals if needed. In addition to flexible visual placements, you can also set background, borders on visuals and filter controls. To learn more about building dashboards with free-form layouts, see Create stunning, pixel perfect dashboards with the new free-form layout mode in Amazon QuickSight.

Personalizing your dashboard

You can further customize this view for your readers so it always shows insights relevant to them on the dashboard, email reports, and the PDF attached to the email.

To personalize the dashboard, create a data table with dynamic default rules similar to the following table. In this table, you need to have the following columns: UserID for QuickSight usernames of dashboard readers, followed by one column each for parameters to set defaults to. For example, after we apply the following dynamic defaults dataset to our sample dashboard, when Ben Brown with username [email protected] accesses the dashboard, it shows business metrics for the Strategic segment within Aluminium category and Washington state.

To apply this dynamic default table to the dashboard, complete the following steps:

1. Create a dataset with your dynamic default table on QuickSight.

This can be a SPICE or direct query dataset depending on where the rules are and how frequently the rules are updated. If rules are maintained in your backend source tables and updated often, create a direct query dataset. If the rules are uploaded from a flat file or are maintained in your backend source tables but not updated often, you can keep them in SPICE and schedule a refresh if needed.

2. Add the dynamic default dataset to the analysis.
   
3. Navigate to the analysis you want to set default rules on.
4. In the navigation pane, choose Parameters.
5. Choose the parameter you want to set defaults on and choose Set a dynamic default.
   
6. Configure dynamic defaults by choosing the rules dataset, and mapping the user name, group name, and default columns to those from the dataset.

You can set dynamic defaults for individual users and also user groups.

7. Repeat these steps for all parameters you want to set dynamic defaults on.

You can also add these parameters within titles and subtitles for a personalized view so readers know what fields the dashboard is filtered by.

Show and hide visuals

Additionally, you can conditionally show and hide visuals based on parameter values. You can use this in many creative ways, such as changing the visual type based on the parameter selected. For example, selecting Strategic as the segment could show a box plot of order quantity range grouped by Category. If you set the segment to SMB, you can replace the box plot with a different chart type. To conditionally show and hide visuals, complete the following steps:

1. Create the visual you want to conditionally show and hide on the analysis.
2. Click the pencil icon to edit the visual’s settings.
3. Expand Rules and turn Hide this visual by default on.

In the following dashboard, the box plot is hidden by default, and is configured to show only when the segment parameter is set to Strategic.

4. Similarly, create a scatter plot and configure the dashboard to hide this visual by default and only show when the segment parameter is set to SMB.
5. Overlap this visual with the box plot visual so that either visual shows within this placement depending on the segment selected.
   

Publish and schedule email reports

Finally, publish the dashboard and share with all your readers, and schedule an email report and also configure to attach dashboard PDF to the report.

Readers now receive different views of the same dashboard, personalized to them, and showing metrics on the business sectors they care about.

For our example dashboard, Ben Brown receives an email report with business metrics for the Strategic segment and Aluminum category within Washington.

Anna Scott receives an email report of the same dashboard with for the SMB segment, Copper & Diamond category, and California state.

Conclusion

With the support for dynamic defaults on email reports, free form layout, and condition rendering of visuals, QuickSight allows you to build and deliver custom dashboards with personalized insights with end-users, directly to their email inboxes.

Learn more about other core capabilities such as Natural Language Querying with QuickSight Q and Embedded Analytics here.

About the Author

Sahitya Pandiri is a technical program manager with Amazon Web Services.

Post Syndicated from Shailesh Chauhan original https://aws.amazon.com/blogs/big-data/create-larger-spice-datasets-and-refresh-data-faster-in-amazon-quicksight-with-new-spice-features/

Amazon QuickSight is a scalable business intelligence (BI) service built for the cloud, which allows insights to be shared with all users in the organization. QuickSight offers SPICE, an in-memory, cloud-native data store that allows end-users to interactively explore data. SPICE provides consistently fast query performance and automatically scales for high concurrency. With SPICE, you save time and cost because you don’t need to retrieve data from the data source (whether a database or data warehouse) every time you change an analysis or update a visual, and you remove the load of concurrent access or analytical complexity off the underlying data source with the data.

Today, we’re introducing incremental refresh in SPICE, with a refresh rate of 15 minutes (four times faster than before), which improves freshness of data in SPICE. In addition, we’re doubling SPICE limits on a per dataset basis to 500 million rows (twice that of our previous 250 million row limit). In this post, we walk through these new capabilities and how you can use them to create SPICE datasets that can help you scale your data to all your users.

What’s new with QuickSight SPICE?

We’ve added the following capabilities to QuickSight:

• Incremental refresh – QuickSight now supports incrementally loading new data to SPICE datasets without needing to refresh the full set of data. With incremental refresh, you can update SPICE datasets in a fraction of the time a full refresh would take, enabling access to the most recent insights much sooner. You can schedule incremental refresh to run up to every 15 minutes on a dataset on SQL-based data sources, such as Amazon Redshift, Amazon Athena, PostgreSQL, Microsoft SQL Server, or Snowflake.
• 500 million row SPICE capacity – The QuickSight SPICE engine now supports datasets up to 500 million rows or 500 GB in size. This change lets you use SPICE for datasets twice as large than before.

In the next sections, we show you how to get started with incremental refresh and 500 million row SPICE capacity.

Create large datasets

Let’s say you’re part of the central data team that has access to data tables in data sources. You want to create a central dataset for analysts. SPICE can now scale to double the capacity, so you can create a large scaled dataset rather than create and maintain several unconnected datasets. You can bring in up to 32 tables (from different data sources) in a single dataset to a total of 500 million rows. You can enjoy the double capacity of SPICE with no extra step—it’s automatically available. To create a dataset, simply choose New Dataset on the Data page. On the Data Prep page for the new dataset, choose Add data to add tables to a single dataset.

Set up incremental refresh

With incremental refresh, QuickSight now allows you to ingest data incrementally for your SQL-based sources (such as Amazon Redshift, Athena, PostgreSQL, or Snowflake) in a specified time period. On the Datasets page, choose the dataset, and choose Refresh now or Schedule a refresh.

For Refresh type, select Incremental refresh.

Configure look-back window

While setting up incremental refresh, you have to specify a look-back window (for example, 1 day, 1 week, 6 hours) in which new rows are found, and modified and deleted rows sync. This means that less data needs to be queried and transferred for each refresh, thereby increasing the speed at which ingestions can complete.

Let’s walk through an example to illustrate the concept. We have a dataset that contains 6 months’ worth of sales records: 180,000 records (1,000 records per day). Right now, the dataset contains data from January 1 to June 30, and today is July 1. I run an incremental refresh with a look-back window of 7 days. QuickSight queries the database asking for all data since June 24 (7 days ago): 7,000 records. All the changes since June 24, including deleted, updated, and added data, are propagated into SPICE. The next day, July 2, QuickSight does the same, but querying from June 25 (7,000 records). The end result is that rather than having to ingest 180,000 records every day, you only have to process 7,000 records.

You can set up a look-back window as part of setting up your incremental refresh. After you select Incremental refresh from the steps in the preceding section, choose Configure.

You can choose all eligible date columns to use for look-back and the window size, which QuickSight uses to query for that range. Then choose Submit.

Schedule an incremental refresh

A scheduled SQL incremental refresh allows you to regularly ingest data from a data source to SPICE, incrementally. To set up a scheduled SQL incremental refresh, similar to manual incremental refresh, if this is a first-time setup, you’re prompted to set up a look-back window. After configuration, choose the time zone, repetition interval, and starting time and choose Create.

The scheduled refresh begins at the time you specified.

Set up full ingestion

Previously, for SPICE datasets, the only update mechanism in QuickSight was a full refresh. All the data defined by the dataset was queried and transferred into the dataset from its source, fully replacing what previously existed. With incremental refresh, you can update your data every 15 minutes. However, we still recommend a full refresh to make sure your dataset is in sync with the source. You can set up a full ingestion every week on a weekend to not disrupt any business workflows.

Conclusion

With incremental refresh and double SPICE capacity, QuickSight enables you to create datasets to cater to your scaling business needs in the following ways:

• Faster and reliable refreshes – Incremental refreshes are faster because only the most recent data needs to be refreshed and not the entire dataset. Additionally, the refreshes are also more reliable because you don’t need to spend time on long-running queries or any potential network disruptions.
• Large datasets – SPICE can now scale up to 500 million rows, but you don’t have to spend time updating, because you can update incrementally and don’t need to refresh the entire dataset.
• Easy setup with fewer resources – With incremental refresh, you have less data to refresh. This reduces overall consumption of resources needed. The setup process is also much simpler with scheduled incremental refresh.

QuickSight’s SPICE incremental refresh and 500 million row SPICE capacity can help you create scalable and reliable datasets without putting a strain on underlying data sources. These features are now generally available in QuickSight Enterprise Editions in all Regions. Go ahead and try it out! To learn more about refreshing data in QuickSight, see Refreshing Data.

About the Authors

Shailesh Chauhan is a Product Manager at Amazon QuickSight, AWS’ cloud-native, fully managed BI service. Before QuickSight, Shailesh was global product lead at Uber for all data applications built from ground-up. Earlier, he was a founding team member at ThoughtSpot, where he created world’s first analytics search engine. Shailesh is passionate about building meaningful and impactful products from scratch. He looks forward to helping customers while working with people with great mind and big heart.

Anilkumar Senesetti is a Software Development Manager at AWS QuickSight. He leads the Data Ingestion (DI) team that delivers solutions to accelerate ingestion of customers data into SPICE ensuring correctness, durability, consistency and security of the data. With 15 years of industry experience in business intelligence domain, he provides valuable insights across layers to deliver solutions that improve customer experience. He is passionate about predictive analytics and outside of the work, he enjoys building features on astrological website that he owns.

Post Syndicated from Mayank Agarwal original https://aws.amazon.com/blogs/big-data/use-ip-restrictions-to-control-access-to-amazon-quicksight/

Amazon QuickSight is a fully-managed, cloud-native business intelligence (BI) service that makes it easy to connect to your data, create interactive dashboards, and share these with tens of thousands of users, either within the QuickSight interface, or embedded in software as a service (SaaS) applications or web portals. Unlike many of the other solutions in the market today, QuickSight requires no server deployments or management for scaling to tens of thousands of users, and authors build dashboards using a web-based interface, with out any client downloads needed. QuickSight also supports private VPC connectivity to AWS databases and analytics services such as Amazon Relational Database Service (Amazon RDS) and Amazon Redshift, and AWS Identity and Access Management (IAM) permissions-based access to Amazon Simple Storage Service (Amazon S3) and Amazon Athena, making it secure and easy to access data in AWS via QuickSight.

In this post, we explore a new feature in QuickSight that allows administrators to further secure access to QuickSight with IP-based access restrictions. With this feature, you can enforce source IP restrictions on access to the QuickSight UI, mobile app, as well as embedded pages. For more information, see Turning On Internet Protocol (IP) Restrictions in Amazon QuickSight.

Solution overview

Our use case features OkTank, a fictional enterprise in the fintech space. They have hundreds of users across internal teams such as finance and HR that use QuickSight for their BI gathering needs. Employees in these teams use their respective QuickSight credentials to log in to QuickSight and do their work. In addition to the team-specific BI dashboards, some common dashboards are accessible to all the employees in the organization. These dashboards reflect overall business metrics such as number of active customers and the company’s growth over time.

Employees with access to the common dashboard and their QuickSight account are sometimes working with sensitive data, and in certain cases end-user data as well. Even though they need to have login credentials to use QuickSight, QuickSight is accessible outside of OkTank’s VPN network.

OkTank’s information security team would like to ensure employees only access QuickSight or view common dashboards while they’re within the company’s private network via VPN.

Enable IP-based restrictions

To enable IP-based restrictions, OkTank’s IT administrator with IAM credentials who has access to QuickSight admin console takes the following steps:

1. On the QuickSight console, on the user name menu, choose Manage QuickSight.
   
2. In the navigation pane, choose Security & permissions.
   
3. Under IP restrictions, choose Manage.
   
4. For IP address, enter the IP address which is to be allowed access in CIDR format.
5. Choose Add.
   
6. To edit an existing rule, choose the pencil icon next to the rule.
   
7. To delete an existing rule, choose the trash icon next to the rule.
   
8. Make sure to add your own IP address to the list to prevent being locked out yourself.
9. After you add, edit or delete IP address rules, choose Save changes.
   
10. Turn on the rules to start your IP-based restriction.
    

When the IP restriction is turned on and the list of allowed IP addresses in CIDR format is in place, any OkTank employee trying to access QuickSight when not logged in to OkTank’s VPN (regardless of their role of admin, author, or reader) is presented with an error page.

• UpdateIpRestriction
• DescribeIpRestriction

Conclusion

With IP restrictions in place, administrators can now strengthen controls around QuickSight access by ensuring that only employees logged in the organization’s VPN network can access QuickSight. Stay tuned for more new admin capabilities, and follow What’s New with Analytics for the latest on QuickSight.

About the Author

Mayank Agarwal is a product manager for Amazon QuickSight, AWS’ cloud-native, fully managed BI service. He focuses on account administration, governance and developer experience. He started his career as an embedded software engineer developing handheld devices. Prior to QuickSight he was leading engineering teams at Credence ID, developing custom mobile embedded device and web solutions using AWS services that make biometric enrollment and identification fast, intuitive, and cost-effective for Government sector, healthcare and transaction security applications.

Post Syndicated from Raji Sivasubramaniam original https://aws.amazon.com/blogs/big-data/secure-and-simplify-account-setup-and-access-management-with-new-amazon-quicksight-administrative-controls/

Amazon QuickSight is a fully-managed, cloud-native business intelligence (BI) service that makes it easy to connect to your data, create interactive dashboards, and share these with tens of thousands of users, either within the QuickSight interface, or embedded in software as a service (SaaS) applications or web portals. Unlike many BI solutions in the market today, QuickSight requires no server deployments or management for scaling to tens of thousands of users, and authors build dashboards using a web-based interface, without any client downloads needed. QuickSight also supports private VPC connectivity to AWS databases and analytics services such as Amazon Relational Database Service (Amazon RDS) and Amazon Redshift, and AWS Identity and Access Management (IAM) permissions-based access to Amazon Simple Storage Service (Amazon S3) and Amazon Athena, making it secure and easy to access data in AWS via QuickSight.

In this post, we explore three new features in QuickSight that enable administrators to further simplify QuickSight setup and access controls, which makes it easier than ever to scale QuickSight to all your AWS accounts.

Overview of new QuickSight features

Administrators can take advantage of the following new features in QuickSight:

• Service control policy based sign-up controls – Admins can now use service control policies (SCPs) to restrict QuickSight sign-up options within your organization. You can restrict the QuickSight edition (Standard or Enterprise), and also the type of identity mechanisms that can be used. For example, admins can set up service control policies that deny sign-ups for a QuickSight Standard Edition and turn off the ability to invite any users other than those possible via federated single sign-on (SSO). For more information, see Using Service Control Policies to Restrict Amazon QuickSight Sign-up Options.
• Automated email sync for federated SSO users – Admins can set up QuickSight and SSO such that email addresses for end-users are automatically synced at first-time login. This avoids any manual errors during entry, and prevents use of personal email addresses (such as Gmail or Hotmail). For example, administrators can make it so that only corporate-assigned email addresses are used when users are provisioned to their QuickSight account through their identity provider (IdP). For more information, see Configuring Email Syncing for Federated Users in Amazon QuickSight.
• Bring your own role during QuickSight account setup – QuickSight allows you to bring in data stored in several AWS services to create datasets, analyses, and dashboards. QuickSight uses an IAM role to specify permissions to the AWS resources (such as Amazon S3 or Athena) at the QuickSight account level (which you can further control within QuickSight). This service role was previously created during QuickSight sign-up, and required the user signing up to have permissions to create this role. Now, administrators signing up to QuickSight can pick from an existing role in their AWS account instead of QuickSight creating a custom service role for the account. This allows you to set up your own role for a group of codependent AWS services and QuickSight that you want to work together. For more information, see Passing IAM Roles to Amazon QuickSight.

Use case overview

Let’s walk through a use case for these features.

OkTank is an enterprise in the healthcare space, where it owns and manages multiple hospitals. OkTank’s IT infrastructure is managed centrally by a team that is responsible for ensuring security and governance of the entire IT infrastructure. Each individual facility has its own AWS account, which is a member of OkTank’s central AWS Organizations account.

Each hospital needs its own QuickSight account for gathering business intelligence and improving the healthcare service they provide to their customers. The central IT team requires that each hospital when setting up their QuickSight account only signs up for Enterprise edition. In addition, they want to authenticate each hospital’s QuickSight users (admins, authors, and readers) using Okta, which is their corporate IdP. This helps them make sure that QuickSight administrators can’t invite non-federated users intentionally or by mistake.

Administrators also want to make sure that when users get an invitation to sign up for their hospital’s QuickSight account, they only use pre-approved email address as configured in Okta and don’t enter their personal email address. This provides a seamless sign-up experience for new users because they don’t have to enter an email address anymore, and it provides more security because users can’t use their personal email for sign-up and future logins.

Finally, because AWS administrators manages other services such as Amazon S3 and Athena, which are being used by QuickSight, they have configured roles for each of these services. Administrators want to make sure they can use preconfigured roles when external services are being used by QuickSight. This makes sure that users and QuickSight admins can’t create their own roles for these services, and the roles can be enforced by administrators of those external services.

To enable all these setup and access controls, OkTank’s Organizations administrator and the hospital’s QuickSight administrator use the new features in the following order:

• Bring your own role during QuickSight account setup
• SCP-based sign-up controls
• Automated email sync for federated SSO users

Bring your own role during QuickSight account setup

OkTank uses Amazon S3 for storage, and wants to use it as a data source in all the hospitals’ QuickSight accounts. An IT administrator creates an IAM role for Amazon S3 that only allows read-only access to a QuickSight account and its users. During QuickSight account creation, the administrator can select the read-only Amazon S3 role. OkTank’s Organizations administrator for each hospital’s AWS account completes the following steps to create an Amazon S3 role and configure it to be used by QuickSight:

1. On the IAM console, choose Roles in the navigation pane.
   
2. Choose Create role.
   
3. Choose AWS Service and choose S3.
   
4. Choose Next: Permissions.
5. Search for S3 and select AmazonS3ReadOnlyAccess.
6. Choose Next: Tags.
   
7. Choose Next: Review.
8. For Role name, enter QuickSightS3Role.
9. Choose Create role.
   
10. Choose the newly created role.
11. On the Trust relationships tab,
12. Choose Edit trust relationship.
    
13. Enter the following JSON:

    {
    "Version": "2012-10-17",
    "Statement": [
    {
    "Effect": "Allow",
    "Principal": {
    "Service": "quicksight.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
    }
    ]
    }

14. Choose Update Trust Policy.
    

This newly created role is now available for the administrator to choose while creating a QuickSight account in the next section.

SCP-based sign-up controls

To ensure that hospitals when creating their QuickSight account only choose Enterprise edition and their users are only invited via Okta, OkTank’s Organizations administrator completes the following steps:

1. On the Organizations console, choose Policies in the navigation pane.
2. Choose Service control policies.
   
3. Choose Create policy.
   
4. For Policy name, enter QuickSightSCP.
5. Enter the following JSON in the policy section:

   {
   "Version": "2012-10-17",
   "Statement": [
   {
   "Sid": "Statement1",
   "Effect": "Deny",
   "Action": [
   "quicksight:Subscribe"
   ],
   "Resource": [
   "*"
   ],
   "Condition": {
   "ForAnyValue:StringEquals": {
   "quicksight:DirectoryType": [
   "microsoft_ad",
   "quicksight",
   "ad_connector"
   ]
   }
   }
   },
   {
   "Sid": "Statement2",
   "Effect": "Deny",
   "Action": [
   "quicksight:Subscribe"
   ],
   "Resource": [
   "*"
   ],
   "Condition": {
   "StringEquals": {
   "quicksight:Edition": "standard"
   }
   }
   }
   ]
   }

6. Choose Create policy.
   
7. Choose AWS accounts in the navigation pane.
8. Choose the Root account.
   
9. On the Policies tab, under Service control policies, choose Attach.
   
10. Select the policy QuickSightSCP that you created earlier and choose Attach policy.
    

Now the newly created policy is attached to all the hospital’s AWS accounts.

Test the sign-up controls

As the hospital’s AWS admin, you can test the sign-up controls to make sure they prevent you from using Standard Edition.

1. When signing up for a QuickSight account, choose Standard.
2. Select Use IAM federated identities & QuickSight-managed users.
   

You’re presented with the following error message.

As per the new SCP policy attached to the hospital’s AWS account, the admin has to choose Enterprise Edition and use IAM federated identities in order to successfully set up a QuickSight account.

3. Choose Enterprise.
4. Select Use IAM federated identities only.
   

The Amazon S3 read-only role that you created earlier is available in QuickSight.

5. Select Use an existing role and choose QuickSightS3Role.
6. Choose Finish.
   

After you make your selections per the SCP policy and the custom role for Amazon S3 read-only access, this QuickSight account is created successfully for the hospital.

Automated email sync for federated SSO users

The hospital’s QuickSight account is now set up to only accept users invited through federated SSO. In this case, they use Okta, which is their corporate IdP. After authentication via Okta is complete, the QuickSight users are asked to enter their email address when they log in for the very first time.

This email request may create confusion for some users as to which email address they should use.

The hospital’s QuickSight admin team wants to streamline the user login process and prevent users from entering any emails other than their corporate email. To ensure that, the hospital’s QuickSight admin decides to use the new automated email sync feature for federated SSO users. With this new feature, admins can set up QuickSight and SSO such that email addresses for end-users are automatically synced at first-time login. This prevents any manual errors during entry, or users signing up with personal email addresses. OkTank’s administrators can set up controls so that only corporate-assigned email addresses are used when users are provisioned to their QuickSight account through their IdP.

The hospital’s admin completes the following steps to use this feature:

1. On the IAM console, choose Roles in the navigation pane.
2. Search for the role you use with AssumeRoleWithSAML (for this post, it’s called QuickSightOktaFederatedRole).
   
3. On the Trust relationships tab, choose Edit trust relationship.
   
4. For the policy details, enter the following JSON:

   {
   "Version": "2012-10-17",
   "Statement": [
   {
   "Effect": "Allow",
   "Principal": {
   "Federated": "arn:aws:iam::xxxxxxxxxx:saml-provider/Okta"
   },
   "Action": "sts:AssumeRoleWithSAML",
   "Condition": {
   "StringEquals": {
   "SAML:aud": "https://signin.aws.amazon.com/saml"
   }
   }
   },
   {
   "Effect": "Allow",
   "Principal": {
   "Federated": "arn:aws:iam::xxxxxxxxxx:saml-provider/Okta"
   },
   "Action": "sts:TagSession",
   "Condition": {
   "StringLike": {
   "aws:RequestTag/Email": "*"
   }
   }
   }
   ]
   }

5. Choose Update Trust Policy.

OkTank’s central IT administrator (responsible for managing Okta’s configuration) makes the following changes in the Okta configuration via Okta’s admin console:

6. Log in to the Okta admin console.
7. Choose Applications in the navigation pane.
   
8. Choose the Okta application for QuickSight federation (in this case, it’s called AWS Account Federation – QuickSight).
   
9. Choose the Sign On tab.
   
10. In the Settings section, choose Edit.
    
11. Select SAML 2.0 and expand the Attributes section.
    
12. Add an attribute statement as follows:
    1. For Name, enter https://aws.amazon.com/SAML/Attributes/PrincipalTag:Email.
    2. For Name format, select URI reference.
    3. For Value, select user.email.
13. Choose Save.

Finally, after you update the trust relationship for the IAM role with AssumeRoleWithSAML and add a SAML attribute for the IAM Principal tag in Okta, the next step is to turn on email syncing for federated users in QuickSight.

OkTank’s central IT administrator (responsible for managing Okta’s configuration) makes the following changes in the Okta configuration via Okta’s admin console.

14. On the QuickSight console, on the user name menu, choose Manage QuickSight.
    
15. Choose Single sign-on (SSO) in the navigation pane.
    
16. In the Email Syncing for Federated Users section, select ON.
    

Once turned on, users when launching the QuickSight application via the Okta console for the first time bypass the email request and are redirected to the QuickSight console.

Conclusion

With these features, administrators can now strengthen controls around QuickSight accounts and open up QuickSight access to more AWS accounts within your organization. Try out these features to strengthen the security of your QuickSight account and simplify end-user access, and share your feedback and questions in the comments.

Stay tuned for more new admin capabilities, and check out what’s new for the latest updates.

About the Authors

Raji Sivasubramaniam is a Specialist Solutions Architect at AWS, focusing on Analytics. Raji has 20 years of experience in architecting end-to-end Enterprise Data Management, Business Intelligence and Analytics solutions for Fortune 500 and Fortune 100 companies across the globe. She has in-depth experience in integrated healthcare data and analytics with wide variety of healthcare datasets including managed market, physician targeting and patient analytics. In her spare time, Raji enjoys hiking, yoga and gardening.

Mayank Agarwal is a product manager for Amazon QuickSight, AWS’ cloud-native, fully managed BI service. He focuses on account administration, governance and developer experience. He started his career as an embedded software engineer developing handheld devices. Prior to QuickSight he was leading engineering teams at Credence ID, developing custom mobile embedded device and web solutions using AWS services that make biometric enrollment and identification fast, intuitive, and cost-effective for Government sector, healthcare and transaction security applications.

Post Syndicated from Mia Heard original https://aws.amazon.com/blogs/big-data/your-guide-to-all-things-amazon-quicksight-at-aws-reinvent-2021/

AWS re:Invent is a learning conference hosted by AWS for the global cloud computing community. This year’s re:Invent will be held in Las Vegas, NV from November 29th to December 3rd. Amazon QuickSight, a scalable, embeddable, ML-powered business intelligence (BI) service for the cloud will be represented at re:Invent within the Business Intelligence track through keynotes, breakout sessions, chalk talks, workshops, and other planned activities.

This post walks you through the details of all QuickSight related sessions and activities to help you plan your conference week accordingly. These sessions should appeal to anyone wanting to learn more about modernizing their BI capabilities and curating a more data driven culture including business decision makers, BI analysts, data scientists, app developers, and others! To access the session catalog and reserve your seat for one of our Business Intelligence sessions, you must be registered for re:Invent. Register now!

Keynotes

Swami Sivasubramanian – Vice President, Amazon Machine Learning – Keynote

Join Swami Sivasubramanian, Vice President, Amazon Machine Learning, on an exploration of what it takes to put data in action with an end to end data strategy including the latest news on databases, analytics, and machine learning.

Rahul Pathak – Vice President, Analytics – Leadership Session: Reinvent your business for the future with AWS Analytics 

The next wave of digital transformation will be data-driven, and organizations will have to reinvent themselves using data to make decisions quickly and gain faster and deeper insights to serve their customers. In this session, Rahul Pathak, VP of AWS Analytics, addresses the current state of analytics on AWS, focusing on the latest service innovations. Learn how you can put your data to work with the best of both data lakes and purpose-built data stores. Also, discover how AWS can help you build new experiences and reimagine old processes with a modern data architecture on AWS.

Breakout sessions 

BSI201 (LVL 200) – Self-service analytics for everyone with ML-powered Amazon QuickSight Q

In our increasingly fast-paced world, it is critical for companies to make data-driven business decisions quickly. In order to move fast, teams need the ability to answer business questions without relying on the time-consuming efforts of business intelligence (BI) teams. Amazon QuickSight Q is a machine learning-powered capability that uses natural language processing to answer business questions instantly in the form of a visual, without requiring authors to create visuals, dashboards, or analyses. In this session, the Amazon QuickSight team provides an overview of Q and guidance on how to get started with this new capability.

BSI202 (LVL 200) – Modernize your BI and reporting with Amazon QuickSight 

Organizations increasingly strive to improve data literacy for all their employees and reduce dependence on IT and data scientists while gaining efficiency by moving to the cloud. Existing business intelligence tools can limit business users’ insight into their data. They can also limit IT departments’ ability to provide self-service analytics in a secure, scalable, and cost-efficient way. Join this session to learn how customers have modernized their advanced analytics, self-service, and reporting needs by migrating to Amazon QuickSight. With QuickSight, you only pay for what you use and are not required to manage any infrastructure.

BSI203 (LVL 200) – Enhance your apps with Amazon QuickSight embedded analytics 

Empower your users by embedding business analytics capabilities directly into your application. Amazon QuickSight embedded analytics seamlessly integrate into your application and enable your users to perform advanced analytics with capabilities such as one-time, or ad hoc, analyses and machine learning-based insights, providing you with new ways of monetizing and differentiating your applications. Join this session to learn about QuickSight’s new capabilities for embedding rich data visualizations within SaaS applications that provide governance and data security. The session also shows how QuickSight can be easily connected to your choice of data services including Amazon RDS, Amazon Athena, Amazon S3, or Amazon Redshift.

Chalk talks 

BSI204 (LVL 200) – Authoring configuration for Amazon QuickSight Q

Amazon QuickSight Q is a machine learning-powered capability that uses natural language processing to instantly answer business questions about data. Q interprets questions to understand their intent and generates an answer instantly in the form of a visual, without requiring authors to create visuals, dashboards, or analyses. In this chalk talk, the Amazon QuickSight Q team provides an overview of Q and the different question types that are currently supported. Following the product demo, learn how to set up datasets to answer natural language questions from users.

BSI301 (LVL 300) – Advanced deployment options at scale with Amazon QuickSight

Amazon QuickSight is a scalable, serverless, embeddable, ML-powered BI service built for the cloud that you can use to deliver easy-to-understand insights to the people that you work with – wherever they are. In this chalk talk, learn about deployment methodologies and best practices around multi-tenancy, cross-account data connectivity, single sign-on, content migration, and automation, to give you confidence deploying into even the most sophisticated environments.

Workshops 

BSI302 (LVL 300) – Build stunning dashboards with Amazon QuickSight 

Want to grow your dashboard-building skills from beginner to advanced? In this workshop, the Amazon QuickSight team guides you through the latest authoring functionality, such as high-fidelity layouts, custom content, and advanced formatting. These features are designed to empower you to build beautiful layouts and robust interactive experiences with other applications, right from within your dashboard.

Additional activities

Demo: “Get answers on your data in seconds with Amazon QuickSight”

Join us in the demo theater on Tuesday November 30 at 3:00PM PST for an Amazon QuickSight Q deep dive demo.

Business Intelligence kiosk in the AWS Village

Visit the Business Intelligence kiosk within the AWS Village to meet with experts to dive deeper into QuickSight capabilities such as ML-powered Q and Embedded Analytics. You will be able to ask our experts questions and experience live demos for our newly launched capabilities.

Grab your QuickSight swag

Make sure to stop by the swag distribution table to grab free QuickSight swag. You must attend one of the breakout sessions, chalk talks, workshops, or visit our kiosk to obtain a swag voucher.

Other QuickSight related sessions 

LFS304 – Accelerate science by unifying data silos across the enterprise

When shifting to data-driven decision-making, customers—especially those in the life sciences—often struggle with the need to access data and free it from organizational silos or find it in other enterprises. In this workshop, learn how to build an effective data mesh platform on AWS to make data discoverable, secure, and interoperable. Free your data from silos and minimize unnecessary data movement. Utilizing AWS Glue, Amazon Athena, AWS Lake Formation, Amazon S3, Amazon QuickSight, and Amazon Neptune, bring together disparate data sources from across the enterprise. Use what you learn to build a scalable data mesh to serve as the foundation for any analytics and data science effort.

DEM066 – S –  Assess, plan & automate the transition from legacy BI to Amazon QuickSight (sponsored by Ironside)

Ironside’s Ascent suite, powered by AWS, enables a rapid, efficient, and successful way to build new analytics, explore AI, and migrate from legacy platforms to the cloud. Join this session to learn how to use Ironside’s AscentIQ offering for Amazon QuickSight to inventory, rationalize, and plan the migration of your existing reporting implementation; build the business case for your migration; refactor and automate generation of legacy report specifications; and accelerate functional validation of legacy content. This presentation is brought to you by Ironside, an AWS Partner.

COP311 –  Build your own customizable cost reporting dashboards

Get actionable insights to track your AWS cost and usage performance, drive cost-efficient consumption behavior in your organization, and make cost-aware architectural decisions. Join this workshop to learn how you can integrate AWS Cost and Usage Reports with Amazon QuickSight and build your own dashboards to visualize specific KPIs and savings opportunities that are meaningful to you and your business.

GPS306 – Data warehouse and business intelligence modernization

Amazon Redshift is a fast, fully managed, petabyte-scale, cloud-native analytics data warehouse. A large number of organizations are migrating their current data warehousing systems into Amazon Redshift to take advantage of better performance and scale, lower costs, the ease of use of a managed service, and data lake integration. Amazon QuickSight is a scalable, serverless, cloud-powered business intelligence (BI) service that makes it easy for you to publish insights through interactive BI dashboards. Join this workshop to learn and practice how to modernize and migrate legacy data warehouse systems to Amazon Redshift and how to migrate your BI dashboards to Amazon QuickSight.

ENT306 –  Outcome-oriented analytics for SAP on AWS

In this workshop, learn how to solve common business problems using native AWS services in conjunction with SAP applications. First in the workshop, build a data extraction layer from SAP. Then, prepare the data with AWS Glue DataBrew and use Amazon QuickSight to visualize, forecast, and use NLP for business process reporting.

AIM208 – S – Port of Vancouver: Improving supply chain visibility (sponsored by Deloitte)

As Canada’s largest port and the third-largest port in North America, the Port of Vancouver needed to overhaul its container examination process because it was a major source of challenges across the network. Join this session to learn how the Port of Vancouver used a blockchain application integrated with AWS Panorama to help identify and track containers, feed real-time data into the blockchain system, enable proper assignment of cost, and identify efficiency improvement opportunities. Discover how other AWS services, such as Amazon SageMaker, Amazon QuickSight, AWS IoT Core, and more, were also used to deliver the data and insights, while meeting privacy, security, and data residency requirements. This presentation is brought to you by Deloitte, an AWS Partner.

FSI203 –  State Farm: Enabling rapid deployment with risk automation

In this session, learn how State Farm streamlined deployment approval from months to minutes by implementing an automated, data-driven risk management process for all use cases leveraging AWS services. Approving deployments for production in financial services can often be a manual, opinion-based, and time-consuming process that frustrates developers, security teams, and executive leadership alike. State Farm’s solution not only notifies account administrators of potential compliance issues but also supports auto-remediation of these issues. It provides continuous, real-time testing and monitoring of controls, which accelerates service adoption for developers, delivers assurance to InfoSec professionals, and enables agile executive decision-making.

AIM317 –  Uncover insights from customer conversations with no ML expertise required

Understanding what your customers are saying is critical to your business, but navigating the technology needed to make sense of these conversations can be daunting. In this workshop, discover how to uncover valuable insights from your data using custom models that are tailored to your business needs—with no ML expertise required. Using a set of customer calls, learn how to boost transcription accuracy with Amazon Transcribe custom language models, extract insights with Amazon Comprehend custom entities, localize content with Amazon Translate Active Custom Translation, and create powerful visualizations with Amazon QuickSight.

Useful resources 

Whether you plan on attending re:Invent in person or virtually this year you can always learn more about QuickSight through these helpful resources:

QuickSight YouTube Channel
Subscribe to stay up to date on the latest QuickSight workshops, getting started tutorials, and demo videos.

QuickSight DemoCentral

Experience QuickSight first hand through interactive dashboards and demos.

QuickSight workshops

 Enhance your BI skills with self-paces QuickSight workshops.

About the Author

Mia Heard is a product marketing manager for Amazon QuickSight, AWS’ cloud-native, fully managed BI service.