
📖 Simplify QuickSight Onboarding #6510

Open
4 tasks
julialawrence opened this issue Jan 6, 2025 · 0 comments

User Story

I would like to simplify how we onboard users to QuickSight by shifting user creation from the AWS root account lambda to Control Panel.

Value / Purpose

Will take onboarding from 5 steps to 2.

Useful Contacts

julialawrence, michaeljcollins, jamesstott

User Types

QuickSight Users

Hypothesis

If we implement this process, it will significantly speed up onboarding to QS users, as the current process is difficult for people to navigate.

Proposal

Proposal diagram:
https://mojdt.slack.com/archives/C06NFN4FMNG/p1736183448050609

  1. Create a role in the MOJ Master account assumable by Control Panel dev and prod which allows creation of users in Identity Center and adding and removing them from Identity Center groups
  2. Pre-create QuickSight groups in Identity Center which will hold readers, authors and admins (not currently used) and add them to QuickSight
  3. When an AP admin adds a user to QuickSight via the Control Panel, the following process is kicked off:
  • User's Entra identity is retrieved
  • QuickSight toggle in CP is updated to offer the option of adding a user as a reader or an author
  • Control Panel assumes the MOJ Master role
  • CP creates the user in Identity Center if they don't already exist
  • CP adds the user to the pre-created readers/authors group
  • CP adds the user to the so-called holding group named azure-aws-sso-all-members
  4. To offboard:
  • User is removed from the QuickSight group(s)
  • Lambda will clean them up on the next run

Additional Information

Master account role information: https://mojdt.slack.com/archives/C06NFN4FMNG/p1736250687881559?thread_ts=1736183448.050609&cid=C06NFN4FMNG
Pre-created QuickSight group names:
"azure-aws-sso-analytical-platform-qs-readers"
"azure-aws-sso-analytical-platform-qs-authors"
"azure-aws-sso-analytical-platform-qs-admins"
Lambda code:
https://github.com/ministryofjustice/moj-terraform-scim-entra-id/blob/main/function/app.py

Definition of Done

  • Documentation has been written / updated
  • Role created and tested
  • Control Panel reader/author toggle(s) added
  • Backend process implemented
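
The onboarding steps in item 3 of the proposal, written as an added example (not Control Panel code and not the issue author's). `ids` is assumed to be a boto3 `identitystore` client built from the assumed MOJ Master role's credentials; the function names, the use of the email address as `userName`, and the role-to-group allow-list are assumptions.

```python
# Added example: idempotent Identity Center onboarding with a group allow-list.
# Only reader/author are selectable; the admins group is deliberately absent,
# so a caller cannot use this path to grant QuickSight admin.
ROLE_GROUPS = {
    "reader": "azure-aws-sso-analytical-platform-qs-readers",
    "author": "azure-aws-sso-analytical-platform-qs-authors",
}
HOLDING_GROUP = "azure-aws-sso-all-members"


def _unique(path, value):
    return {"UniqueAttribute": {"AttributePath": path, "AttributeValue": value}}


def ensure_user(ids, store_id, email, given, family):
    """Return the Identity Center UserId, creating the user only if absent."""
    try:
        return ids.get_user_id(
            IdentityStoreId=store_id,
            AlternateIdentifier=_unique("userName", email))["UserId"]
    except ids.exceptions.ResourceNotFoundException:
        return ids.create_user(
            IdentityStoreId=store_id, UserName=email,  # assumption: userName is the email
            DisplayName=f"{given} {family}",
            Name={"GivenName": given, "FamilyName": family},
            Emails=[{"Value": email, "Type": "work", "Primary": True}])["UserId"]


def ensure_membership(ids, store_id, group_name, user_id):
    """Add the user to the named group unless the membership already exists."""
    group_id = ids.get_group_id(
        IdentityStoreId=store_id,
        AlternateIdentifier=_unique("displayName", group_name))["GroupId"]
    check = ids.is_member_in_groups(
        IdentityStoreId=store_id, MemberId={"UserId": user_id}, GroupIds=[group_id])
    if not check["Results"][0]["MembershipExists"]:
        ids.create_group_membership(
            IdentityStoreId=store_id, GroupId=group_id, MemberId={"UserId": user_id})


def onboard(ids, store_id, email, given, family, role):
    """Create the user if needed, then add them to the role group and holding group."""
    if role not in ROLE_GROUPS:
        raise ValueError(f"role must be one of {sorted(ROLE_GROUPS)}")
    user_id = ensure_user(ids, store_id, email, given, family)
    for group in (ROLE_GROUPS[role], HOLDING_GROUP):
        ensure_membership(ids, store_id, group, user_id)
    return user_id
```

Because the group names are resolved from a fixed allow-list rather than from request input, the role in the MOJ Master account can also be scoped to just those groups.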
Status: 🚀 In Progress