{"id":85730,"date":"2023-07-25T16:23:00","date_gmt":"2023-07-25T13:23:00","guid":{"rendered":"https:\/\/elementor.com\/blog\/?p=85730"},"modified":"2025-12-01T13:17:47","modified_gmt":"2025-12-01T11:17:47","slug":"enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account","status":"publish","type":"post","link":"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/","title":{"rendered":"Enabling Redshift SSO authentication with AWS IAM Identity Center (Multi-Account)"},"content":{"rendered":"\n<p>In this step-by-step guide, we&#8217;ll learn how to set up SSO authentication with Redshift and AWS IAM Identity Center in order to boost security and make user access easier.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"751\" height=\"161\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Redshift-SSO.drawio.png\" alt=\"\" class=\"wp-image-85731\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Used-Sources:\">Used Sources:<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/aws.amazon.com\/blogs\/big-data\/federated-authentication-to-amazon-redshift-using-aws-single-sign-on\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/aws.amazon.com\/blogs\/big-data\/federated-authentication-to-amazon-redshift-using-aws-single-sign-on\/<\/a><\/li><li><a href=\"https:\/\/aws.amazon.com\/blogs\/big-data\/amazon-redshift-identity-federation-with-multi-factor-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/aws.amazon.com\/blogs\/big-data\/amazon-redshift-identity-federation-with-multi-factor-authentication\/<\/a><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Terms-Dictionary:\">Terms Dictionary:<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><th class=\"has-text-align-left\" 
data-align=\"left\"><strong>Term<\/strong><\/th><th class=\"has-text-align-left\" data-align=\"left\"><strong>Meaning<\/strong><\/th><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Identity Center Account<\/td><td class=\"has-text-align-left\" data-align=\"left\">The account where the IAM Identity Center is configured.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Redshift Account<\/td><td class=\"has-text-align-left\" data-align=\"left\">The child account of the Identity Center account which contains the Redshift Cluster we want to connect to.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">IDP<\/td><td class=\"has-text-align-left\" data-align=\"left\">Identity Provider<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"What's-Redshift?\">What&#8217;s Redshift?<\/h3>\n\n\n\n<p><a class=\"wpil_keyword_link\" href=\"https:\/\/elementor.com\/blog\/cloud-hosting\/\" title=\"10 Best Cloud Hosting for WordPress in 2025\" data-wpil-keyword-link=\"linked\" data-wpil-monitor-id=\"24843\">AWS<\/a> Redshift is a fully-managed data warehousing service provided by Amazon Web Services (AWS).<br>It is designed to handle large-scale data analytics workloads and enables organizations to analyze vast amounts of data quickly and cost-effectively.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"What\u2019s-IAM-Identity-Center?\">What\u2019s IAM Identity Center?<\/h3>\n\n\n\n<p>IAM Identity Center provides one place where you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications.<br>You can use multi-account permissions to assign your workforce users access to AWS accounts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Why-SSO?\">Why SSO?<\/h3>\n\n\n\n<p>SSO <strong>reduces the number of attack surfaces <\/strong>because users only log in once each day and only use one set of credentials.<br>Reducing login to one set of 
credentials improves enterprise security. When employees have to use separate passwords for each app, they usually don&#8217;t.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"Prerequisites\">Prerequisites<\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li>Preconfigured IAM Identity Center \u2192 <a href=\"https:\/\/docs.aws.amazon.com\/singlesignon\/latest\/userguide\/getting-started.html\" target=\"_blank\" rel=\"noreferrer noopener\">Getting started &#8211; AWS IAM Identity Center.<\/a><\/li><li>Preconfigured Redshift Cluster with administrative access.<\/li><li>Identity Source user &amp; password (Okta, PingOne, etc.).<\/li><li>JetBrains DataGrip installed (can be free tier).<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"Step-by-Step:\">Step by Step:<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Configure-Identity-Center-application\">Configure Identity Center application<\/h3>\n\n\n\n<p>Our first step will be to create a new AWS Identity Center application <strong>in the Identity Center account <\/strong>to be used as the main channel between users and the Redshift cluster.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>In the IAM Identity Center side panel, click \u201cApplications\u201d.<br><img decoding=\"async\" width=\"278\" height=\"71\" class=\"wp-image-85732\" style=\"width: 278px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-15.25.46.png\" alt=\"\"><br>&nbsp;<\/li><li>In the top right corner, click \u201cAdd application\u201d.<br><img decoding=\"async\" width=\"1402\" height=\"152\" class=\"wp-image-85733\" style=\"width: 1402px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-15.27.18.png\" alt=\"\"><\/li><li>Check \u201cadd custom SAML 2.0 application\u201d and click \u201cNext\u201d.<br><img loading=\"lazy\" decoding=\"async\" width=\"1057\" height=\"178\" class=\"wp-image-85734\" style=\"width: 1057px\" 
src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-15.28.44.png\" alt=\"\"><\/li><li>Set an appropriate display name, we\u2019ll call our application \u201cRedshift-ReadOnly\u201d, as this application will be used to gain Read-Only access to the cluster data.<br><img loading=\"lazy\" decoding=\"async\" width=\"965\" height=\"201\" class=\"wp-image-85735\" style=\"width: 965px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-15.32.25.png\" alt=\"\"><\/li><li>Download the Identity Center SAML metadata file, we\u2019ll use it later to configure our Redshift account application.<br><img loading=\"lazy\" decoding=\"async\" width=\"872\" height=\"420\" class=\"wp-image-85736\" style=\"width: 872px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-15.33.39.png\" alt=\"\"><br>&nbsp;<\/li><li>Copy the application sign-in <a class=\"wpil_keyword_link\" href=\"https:\/\/elementor.com\/blog\/url\/\" title=\"What is a URL? 
Structure, Syntax &amp; Best Practices\" data-wpil-keyword-link=\"linked\" data-wpil-monitor-id=\"24842\">URL<\/a> as we\u2019ll need it later.<br><\/li><li>Next, we\u2019ll configure the <strong>SAML application ACS<\/strong> (aka Assertion Consumer Service).<br>Briefly, the ACS is the location the SAML application response is sent to.<br><br>As we\u2019ll be using the <strong>AWS Redshift JDBC driver<\/strong> to connect to our Redshift cluster, we\u2019ll need to set the application ACS to <code>http:\/\/localhost:7890\/redshift\/<\/code> &#8211; as the JDBC driver starts a server listening on port 7890 by default.<br><img loading=\"lazy\" decoding=\"async\" width=\"308\" height=\"74\" class=\"wp-image-85737\" style=\"width: 308px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-15.56.40.png\" alt=\"\"><\/li><li>In order to restrict the SAML application assertion to Redshift alone, we\u2019ll configure the \u201cApplication SAML audience\u201d field to <code>urn:amazon:webservices:redshift<\/code>.<br><img loading=\"lazy\" decoding=\"async\" width=\"247\" height=\"70\" class=\"wp-image-85738\" style=\"width: 247px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-15.58.17.png\" alt=\"\">&nbsp;<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Create-Identity-Provider\">Create Identity Provider<\/h3>\n\n\n\n<p>After we created our <strong>Redshift-ReadOnly<\/strong> application in the Identity Center account, we need to configure an identity provider to be used by the <strong>Redshift-ReadOnly <\/strong>application to connect to the Redshift cluster in the Redshift account.<\/p>\n\n\n\n<ol 
class=\"wp-block-list\"><li>In the IAM Dashboard side panel of your Redshift account, click <strong>Identity Providers<\/strong>.<br><img loading=\"lazy\" decoding=\"async\" width=\"271\" height=\"431\" class=\"wp-image-85742\" style=\"width: 271px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.19.31.png\" alt=\"\">&nbsp;<\/li><li>In the top right corner, click \u201cAdd provider\u201d.<br><img loading=\"lazy\" decoding=\"async\" width=\"1328\" height=\"78\" class=\"wp-image-85743\" style=\"width: 1328px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.21.05.png\" alt=\"\"><br><\/li><li>Fill in the details for the new IDP:<ol start=\"1\"><li>Set the \u201cProvider name\u201d to Redshift-ReadOnly (same as our previously configured application).<\/li><li>Upload the metadata file we downloaded during the configuration process of our IAM Identity Center application.<br>Click \u201cAdd provider\u201d and finish.<br><img loading=\"lazy\" decoding=\"async\" width=\"866\" height=\"597\" class=\"wp-image-85744\" style=\"width: 866px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.22.59.png\" alt=\"\"><\/li><\/ol><\/li><li>Go to the IDP description page and copy the <strong>IDP ARN<\/strong>; we\u2019ll use it later on.<br><img loading=\"lazy\" decoding=\"async\" width=\"626\" height=\"321\" class=\"wp-image-85745\" style=\"width: 626px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-17.04.43.png\" alt=\"\"><img decoding=\"async\" alt=\"\" 
src=\"https:\/\/elementor.atlassian.net\/0a06764a-c351-43f3-810a-15da912d7c05#media-blob-url=true&amp;id=39497b0d-7a31-4add-8c83-107db8043f05&amp;collection=contentId-664896059&amp;contextId=664896059&amp;height=321&amp;width=626&amp;alt=\"><\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Create-IAM-Role-&amp;-Policy\">Create IAM Role &amp; Policy<\/h3>\n\n\n\n<p>Now that we\u2019ve created the Identity Provider to be used by our IAM Identity Center application, we can create the role that will be used to connect to the Redshift cluster itself.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>In the IAM Dashboard side panel of your Redshift account, click <strong>Roles<\/strong>.<br><img loading=\"lazy\" decoding=\"async\" width=\"271\" height=\"437\" class=\"wp-image-85747\" style=\"width: 271px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.14.15.png\" alt=\"\">&nbsp;<\/li><li>In the top right corner, click \u201cCreate Role\u201d.<br><img loading=\"lazy\" decoding=\"async\" width=\"1341\" height=\"128\" class=\"wp-image-85748\" style=\"width: 1341px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.15.37.png\" alt=\"\"><br>&nbsp;<\/li><li>Create a trusted entity of type SAML 2.0 federation and set the following:<ol start=\"1\"><li>Set the IDP to the \u201cRedshift-ReadOnly\u201d IDP we created earlier.<\/li><li>Check the \u201cAllow programmatic access only\u201d radio button and set:<br><strong>Attribute: \u201cSAML:aud\u201d<\/strong> \u2192 setting which audience can assume this role.<br><strong>Value: \u201c<\/strong><a href=\"http:\/\/localhost:7890\/redshift\/\"><strong>http:\/\/localhost:7890\/redshift\/<\/strong><\/a><strong>\u201d<\/strong> \u2192 Setting the audience to our local Redshift JDBC driver server (as explained in the first section).<br><img loading=\"lazy\" decoding=\"async\" width=\"1190\" height=\"780\" class=\"wp-image-85749\" 
style=\"width: 1190px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.44.02.png\" alt=\"\"><br>Click \u201cNext\u201d.<br><\/li><\/ol><\/li><li>Click \u201cCreate policy\u201d and a new tab will open.<\/li><li>Select \u201cJSON\u201d.<\/li><li>In the Policy editor panel, paste the following policy statement and edit the following values in the \u201cResource\u201d section to match your own: <code>&lt;region&gt;, &lt;account&gt;, &lt;clusterName&gt;<\/code>.<br>\t\t<div data-elementor-type=\"container\" data-elementor-id=\"85752\" class=\"elementor elementor-85752\" data-elementor-post-type=\"elementor_library\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1bd19134 e-flex e-con-boxed e-con e-parent\" data-id=\"1bd19134\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1630fc85 elementor-widget elementor-widget-code-highlight\" data-id=\"1630fc85\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-json line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-json\">\n\t\t\t\t\t<xmp>{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"redshift:CreateClusterUser\",\n                \"redshift:JoinGroup\",\n                \"redshift:GetClusterCredentials\",\n                \"redshift:ListSchemas\",\n                \"redshift:ListTables\",\n                \"redshift:ListDatabases\",\n                \"redshift:ExecuteQuery\",\n                \"redshift:FetchResults\",\n                \"redshift:CancelQuery\",\n                \"redshift:DescribeClusters\",\n                \"redshift:DescribeQuery\",\n                \"redshift:DescribeTable\"\n            ],\n            \"Resource\": [\n                \"arn:aws:redshift:<region>:<account>:cluster:<clusterName>\",\n                \"arn:aws:redshift:<region>:<account>:dbuser:<clusterName>\/${redshift:DbUser}\",\n                \"arn:aws:redshift:<region>:<account>:dbname:<clusterName>\/${redshift:DbName}\",\n                \"arn:aws:redshift:<region>:<account>:dbgroup:<clusterName>\/readonly\"\n            ]\n        }\n    ]\n}<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<br><\/li><li>Name the policy \u201cRedshift-ReadOnly-policy\u201d and click \u201cCreate policy\u201d.<br><img loading=\"lazy\" decoding=\"async\" width=\"1042\" height=\"287\" class=\"wp-image-85756\" style=\"width: 1042px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.55.08.png\" alt=\"\"><\/li><li>Go back to the original tab where we started creating our IAM role<br>\u2192 click refresh \u2192 type \u201cRedshift-ReadOnly-policy\u201d in the search-bar \u2192 check 
the \u201cRedshift-ReadOnly-policy\u201d policy \u2192 click \u201cNext\u201d.<br><img loading=\"lazy\" decoding=\"async\" width=\"1136\" height=\"359\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.56.59.png\" class=\"wp-image-85757\" style=\"width: 1136px\" alt=\"\"><\/li><li>Name the role \u201cRedshift-ReadOnly-role\u201d and click \u201cCreate role\u201d in the lower right corner.<br><img loading=\"lazy\" decoding=\"async\" width=\"618\" height=\"244\" class=\"wp-image-85758\" style=\"width: 618px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-16.59.54.png\" alt=\"\"><\/li><li>Now that we\u2019ve created the IAM role, go to its description page and copy the <strong>role ARN<\/strong>; we\u2019ll use it later on.<br><img loading=\"lazy\" decoding=\"async\" width=\"1126\" height=\"320\" class=\"wp-image-85759\" style=\"width: 1126px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-17.08.58.png\" alt=\"\"><\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Configure-the-IAM-Identity-Center-Application-Attributes\">Configure the IAM Identity Center Application Attributes<\/h3>\n\n\n\n<p>In order to configure our application to work against Redshift, we need to configure some application attributes that tell it how to connect to the cluster.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>In the IAM Identity Center, go to the Applications panel and choose the application we created earlier.<br><img loading=\"lazy\" decoding=\"async\" width=\"880\" height=\"506\" class=\"wp-image-85761\" style=\"width: 880px\" 
src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-17.21.15.png\" alt=\"\"><br>&nbsp;<\/li><li>Assign the users and groups you\u2019d like to have access to this application \u2192 <a rel=\"noreferrer noopener\" href=\"https:\/\/docs.aws.amazon.com\/singlesignon\/latest\/userguide\/assignuserstoapp.html\" target=\"_blank\">Assign user access to applications in the IAM Identity Center console &#8211; AWS IAM Identity Center (successor to AWS Single Sign-On)<\/a>.<br><img loading=\"lazy\" decoding=\"async\" width=\"1368\" height=\"419\" class=\"wp-image-85762\" style=\"width: 1368px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-17.25.48.png\" alt=\"\"><br>&nbsp;<\/li><li>Click \u201cattribute mappings\u201d.<br><img loading=\"lazy\" decoding=\"async\" width=\"1395\" height=\"345\" class=\"wp-image-85763\" style=\"width: 1395px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-17.27.54.png\" alt=\"\">&nbsp;<\/li><li>Set the attributes according to the following table and replace the <code>&lt;role_arn&gt;<\/code> &amp; <code>&lt;idp_arn&gt;<\/code> placeholders with the ARNs you copied in the previous steps:<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><th class=\"has-text-align-left\" data-align=\"left\"><strong>Attribute<\/strong><\/th><th class=\"has-text-align-left\" data-align=\"left\"><strong>Value<\/strong><\/th><th class=\"has-text-align-left\" data-align=\"left\"><strong>Explanation<\/strong><\/th><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Subject (default attribute)<\/td><td class=\"has-text-align-left\" data-align=\"left\">${user:email}<\/td><td class=\"has-text-align-left\" data-align=\"left\">The subject used.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">https:\/\/aws.amazon.com\/SAML\/Attributes\/RoleSessionName<\/td><td 
class=\"has-text-align-left\" data-align=\"left\">${user:email}<\/td><td class=\"has-text-align-left\" data-align=\"left\">The session name created against the cluster.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">https:\/\/redshift.amazon.com\/SAML\/Attributes\/AutoCreate<\/td><td class=\"has-text-align-left\" data-align=\"left\">true<\/td><td class=\"has-text-align-left\" data-align=\"left\">Configure the application to create the Redshift user automatically on authentication.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">https:\/\/aws.amazon.com\/SAML\/Attributes\/Role<\/td><td class=\"has-text-align-left\" data-align=\"left\">&lt;role_arn&gt;,&lt;idp_arn&gt;<\/td><td class=\"has-text-align-left\" data-align=\"left\">The IAM role and IDP to be used to connect to Redshift.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">https:\/\/redshift.amazon.com\/SAML\/Attributes\/DbUser<\/td><td class=\"has-text-align-left\" data-align=\"left\">${user:email}<\/td><td class=\"has-text-align-left\" data-align=\"left\">The DB User name to create.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">https:\/\/redshift.amazon.com\/SAML\/Attributes\/DbGroups<\/td><td class=\"has-text-align-left\" data-align=\"left\">readonly<\/td><td class=\"has-text-align-left\" data-align=\"left\">The DB Group to assign the newly created user to.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1406\" height=\"716\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-17.38.32.png\" alt=\"\" class=\"wp-image-85764\" \/><\/figure>\n\n\n\n<p>Click \u201cSave changes\u201d.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Create-Redshift-group-&amp;-Grant-permissions\">Create Redshift group &amp; Grant permissions<\/h3>\n\n\n\n<p>In this stage, we\u2019ll configure the 
<code>readonly<\/code> Redshift group (as defined in the Application attributes in the previous stage) that each user will be assigned to when connecting via the application.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Connect to your Redshift cluster with a privileged user (superuser).<\/li><li>Execute the following SQL script to create the <code>readonly<\/code> group and assign it <code>read<\/code> permissions to the public schema (the default schema).<br>\t\t<div data-elementor-type=\"container\" data-elementor-id=\"85766\" class=\"elementor elementor-85766\" data-elementor-post-type=\"elementor_library\">\n\t\t\t\t<div class=\"elementor-element elementor-element-13d86d9a e-flex e-con-boxed e-con e-parent\" data-id=\"13d86d9a\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-885ec86 elementor-widget elementor-widget-code-highlight\" data-id=\"885ec86\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-sql line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-sql\">\n\t\t\t\t\t<xmp>create group readonly;\ngrant usage on schema public to group readonly;\ngrant select on all tables in schema public to group readonly;<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Configure-the-DataGrip-client-Data-Source\">Configure the DataGrip client Data Source<\/h3>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=20,h=20https:\/\/elementor.atlassian.net\/gateway\/api\/emoji\/bc79594b-ab29-4483-8266-81959ca3f62f\/1f389\/path\" alt=\":tada:\" width=\"20\" height=\"20\"> 
We\u2019re all set up and finally about to harvest our fruits! <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/elementor.atlassian.net\/gateway\/api\/emoji\/bc79594b-ab29-4483-8266-81959ca3f62f\/1f389\/path\" alt=\":tada:\" width=\"20\" height=\"20\"><br>In this step, we\u2019ll configure a DataGrip data source that will be used as the connection between us and the Redshift cluster.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Open DataGrip and create a new Redshift data source.<br><img loading=\"lazy\" decoding=\"async\" width=\"467\" height=\"114\" class=\"wp-image-85769\" style=\"width: 467px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-17.52.46.png\" alt=\"\">&nbsp;<\/li><li>A data source wizard will open for you to configure the connection. Set the following attributes:<ol start=\"1\"><li><strong>Name<\/strong>: Redshift ReadOnly SSO.<\/li><li><strong>Host<\/strong>:<strong> <\/strong>your Redshift server endpoint.<\/li><li><strong>User<\/strong>: your email identifier (will be used as the Redshift DB User).<\/li><li><strong>Password<\/strong>: the password you\u2019ve configured in your Identity Source (Okta, PingOne, etc.)<\/li><li><strong>Database<\/strong>: the database you want to connect to.<\/li><li><strong>URL<\/strong>: the URL will be mostly configured at this point (because of the DataGrip auto-fill); all that is left for you to do is to change the JDBC URL prefix from <code>jdbc:redshift:\/\/<\/code> to <code>jdbc:redshift:iam:\/\/<\/code>.<br><img loading=\"lazy\" decoding=\"async\" width=\"559\" height=\"671\" class=\"wp-image-85770\" style=\"width: 559px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-17.57.29.png\" alt=\"\">&nbsp;<\/li><\/ol><\/li><li>Go to the <code>Advanced<\/code> tab and configure these 3 attributes:<ol start=\"1\"><li><strong>plugin_name<\/strong>: <code>com.amazon.redshift.plugin.BrowserSamlCredentialsProvider<\/code> &#8211; already defined, so edit it.<\/li><li><strong>idp_response_timeout: <\/strong>60 &#8211; create a new value.<\/li><li><strong>login_url<\/strong>: &lt;your previously copied SAML application login url&gt; &#8211; create a new value.<br><img loading=\"lazy\" decoding=\"async\" width=\"547\" height=\"245\" class=\"wp-image-85771\" style=\"width: 547px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-18.10.07.png\" alt=\"\">&nbsp;<\/li><\/ol><\/li><li>At the bottom of the data source configuration wizard, click \u201ctest connection\u201d.<br><img loading=\"lazy\" decoding=\"async\" width=\"549\" height=\"88\" class=\"wp-image-85772\" style=\"width: 549px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-18.11.44.png\" alt=\"\"><br>Once clicked, your browser will open and display the following screen:<br><img loading=\"lazy\" decoding=\"async\" width=\"1156\" height=\"197\" class=\"wp-image-85773\" style=\"width: 1156px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-18.14.29.png\" alt=\"\"><br>If everything is configured properly, you should see the following pop up in DataGrip:<br><img loading=\"lazy\" decoding=\"async\" width=\"467\" height=\"215\" class=\"wp-image-85774\" style=\"width: 467px\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/Screenshot-2566-07-02-at-18.14.34.png\" alt=\"\"><img decoding=\"async\" 
src=\"https:\/\/elementor.atlassian.net\/8b152b94-3cbd-465a-a56f-6cfc8cec2c19#media-blob-url=true&amp;id=ac42272d-34e4-46b6-9ec4-57583deb1983&amp;collection=contentId-664896059&amp;contextId=664896059&amp;height=215&amp;width=467&amp;alt=\" alt=\"\"><br>Click OK.<br><br>That\u2019s it! Thank you for reading \ud83d\ude42<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Is your connection to Redshift secure enough?<br \/>\nIn this step-by-step guide, you\u2019ll learn how to enhance security and streamline user access by setting up SSO authentication with Redshift and AWS IAM Identity Center.<\/p>\n","protected":false},"author":2024233,"featured_media":85780,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[45],"tags":[],"marketing_persona":[],"marketing_intent":[],"class_list":["post-85730","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-development"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Enabling Redshift SSO authentication with AWS IAM Identity Center (Multi-Account)<\/title>\n<meta name=\"description\" content=\"Is your connection to Redshift secure enough? 
In this step-by-step guide, you\u2019ll learn how to enhance security and streamline user access by setting up SSO authentication with Redshift and AWS IAM Identity Center.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Enabling Redshift SSO authentication with AWS IAM Identity Center (Multi-Account)\" \/>\n<meta property=\"og:description\" content=\"Is your connection to Redshift secure enough? In this step-by-step guide, you\u2019ll learn how to enhance security and streamline user access by setting up SSO authentication with Redshift and AWS IAM Identity Center.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/elemntor\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-25T13:23:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-01T11:17:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/2023_7_Enabling-Redshift-SSO-authentication.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1260\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Yuval Press\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@elemntor\" \/>\n<meta name=\"twitter:site\" content=\"@elemntor\" \/>\n<meta 
name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Yuval Press\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/\"},\"author\":{\"name\":\"Yuval Press\",\"@id\":\"https:\/\/elementor.com\/blog\/#\/schema\/person\/13b9197afb0317055c2c68ec36812410\"},\"headline\":\"Enabling Redshift SSO authentication with AWS IAM Identity Center (Multi-Account)\",\"datePublished\":\"2023-07-25T13:23:00+00:00\",\"dateModified\":\"2025-12-01T11:17:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/\"},\"wordCount\":1336,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/elementor.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/2023_7_Enabling-Redshift-SSO-authentication.png\",\"articleSection\":[\"Development\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/\",\"url\":\"https:\/\/elementor.com\/blog\/enabling-redshift-s
so-authentication-with-aws-iam-identity-center-multi-account\/\",\"name\":\"Enabling Redshift SSO authentication with AWS IAM Identity Center (Multi-Account)\",\"isPartOf\":{\"@id\":\"https:\/\/elementor.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/2023_7_Enabling-Redshift-SSO-authentication.png\",\"datePublished\":\"2023-07-25T13:23:00+00:00\",\"dateModified\":\"2025-12-01T11:17:47+00:00\",\"description\":\"Is your connection to Redshift secure enough? In this step-by-step guide, you\u2019ll learn how to enhance security and streamline user access by setting up SSO authentication with Redshift and AWS IAM Identity Center.\",\"breadcrumb\":{\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/#primaryimage\",\"url\":\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/2023_7_Enabling-Redshift-SSO-authentication.png\",\"contentUrl\":\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2023\/08\/2023_7_Enabling-Redshift-SSO-authentication.png\",\"width\":2400,\"height\":1260},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/elementor.com\/blog\/enabling-redshift-sso-authentication-with-aws-iam-identity-center-multi-account\/#breadcrumb\
",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/elementor.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Development\",\"item\":\"https:\/\/elementor.com\/blog\/category\/development\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enabling Redshift SSO authentication with AWS IAM Identity Center (Multi-Account)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/elementor.com\/blog\/#website\",\"url\":\"https:\/\/elementor.com\/blog\/\",\"name\":\"Elementor\",\"description\":\"Website Builder for WordPress\",\"publisher\":{\"@id\":\"https:\/\/elementor.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/elementor.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/elementor.com\/blog\/#organization\",\"name\":\"Elementor\",\"url\":\"https:\/\/elementor.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/elementor.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2025\/06\/images.png\",\"contentUrl\":\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2025\/06\/images.png\",\"width\":225,\"height\":225,\"caption\":\"Elementor\"},\"image\":{\"@id\":\"https:\/\/elementor.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/elemntor\/\",\"https:\/\/x.com\/elemntor\",\"https:\/\/www.instagram.com\/elementor\/\",\"https:\/\/www.youtube.com\/channel\/UCt9kG_EDX8zwGSC1-ycJJVA?sub_confirmation=1\",\"https:\/\/en.wikipedia.org\/wiki\/Elementor\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/elementor.com\/blog\/#\/schema\/person\/13b9197afb0317055c2c68ec36812410\",\"name\":\"Yuval 
Press\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/elementor.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/faf67adc84158d77545efc51c560e86b017a0dbc7b31fbd9146ca076480ba73d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/faf67adc84158d77545efc51c560e86b017a0dbc7b31fbd9146ca076480ba73d?s=96&d=mm&r=g\",\"caption\":\"Yuval Press\"},\"description\":\"Senior DataOps Engineer. A long-time fan of professional challenges, endlessly fascinated with the latest technologies. Especially Passionate about the security aspect of DevOps.\",\"url\":\"https:\/\/elementor.com\/blog\/author\/yuvalp\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}