SiteWise Monitor roles - Amazon IoT SiteWise

SiteWise Monitor roles

Four roles interact with SiteWise Monitor:

Amazon administrator

The Amazon administrator uses the Amazon IoT SiteWise console to create portals. The Amazon administrator can also assign portal administrators and add portal users. Portal administrators later assign portal users to projects as owners or viewers. The Amazon administrator works exclusively in the Amazon console.

Portal administrator

Each SiteWise Monitor portal has one or more portal administrators. Portal administrators use the portal to create projects that contain collections of assets and dashboards. The portal administrator then assigns assets and owners to each project. By controlling access to the project, portal administrators specify which assets project owners and viewers can see.

Project owner

Each SiteWise Monitor project has owners. Project owners create visualizations in the form of dashboards to represent operational data in a consistent manner. When dashboards are ready to share, the project owner can invite viewers to the project. Project owners can also assign other owners to the project. Project owners can configure thresholds and notification settings for alarms.

Project viewer

Each SiteWise Monitor project has viewers. Project viewers can connect to the portal to view the dashboards that project owners created. In each dashboard, project viewers can adjust the time range to better understand operational data. Project viewers can only view dashboards in the projects to which they have access. Project viewers can acknowledge and snooze alarms.

Depending on your organization, the same person might perform multiple roles.

The following image illustrates how these four roles interact in the SiteWise Monitor portal.

Figure: Amazon IoT SiteWise Monitor roles and what they do.

You can manage who has access to your data by using IAM. Your data users can sign in to SiteWise Monitor from a desktop or mobile browser using their IAM credentials.

SAML federation

IAM supports identity federation with SAML (Security Assertion Markup Language) 2.0. SAML 2.0 is an open standard that many external identity providers (IdPs) use to authenticate users and pass their identity and security information to service providers (SPs). SPs are typically applications or services. SAML federation enables your SiteWise Monitor portal administrators and users to sign in to their assigned portals with external credentials, such as their corporate usernames and passwords.

You can configure IAM to use SAML-based federation for access to your SiteWise Monitor portals.

IAM

Your portal administrators and users can request temporary security credentials to access their assigned SiteWise Monitor portals. You create a SAML identity provider in IAM to set up a trust relationship between your identity provider and Amazon. For more information, see Using SAML-based federation for API access to Amazon in the IAM User Guide.

Your portal administrators and users can sign in to your company's portal and select the option to go to the Amazon Management Console. They can then navigate to their assigned SiteWise Monitor portals. Your company's portal handles the exchange of trust between your identity provider and Amazon. For more information, see Enabling SAML 2.0 federated users to access the Amazon Management Console in the IAM User Guide.

Note

When adding users or administrators to the portal, avoid creating IAM policies that restrict user permissions, such as policies that limit access by IP address. Users or administrators with such restrictive policies attached will not be able to connect to the Amazon IoT SiteWise portal.
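
One way to check a policy document for the IP-based restrictions this note warns about, as an added example that is not part of the Amazon documentation. It assumes policies are available as JSON text; the sample policies and the function name are constructed, and treating `aws:SourceIp` and `aws:VpcSourceIp` as the keys to flag is an assumption about what "limited IP" covers.

```python
import json

# IAM global condition keys that tie a request to a network location.
# Assumption: these are the keys meant by "limited IP" in the note above.
IP_KEYS = {"aws:sourceip", "aws:vpcsourceip"}

def _as_list(value):
    """IAM accepts a single object or string wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_ip_restrictions(policy_json):
    """Return one finding per condition that restricts a statement by IP address."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        for operator, tests in (stmt.get("Condition") or {}).items():
            for key, values in tests.items():
                # Matching on the key (case-insensitively) also catches operator
                # variants such as IpAddressIfExists or ForAnyValue:IpAddress.
                if key.lower() in IP_KEYS:
                    findings.append({
                        "statement": stmt.get("Sid", index),
                        "effect": stmt.get("Effect"),
                        "operator": operator,
                        "key": key,
                        "values": _as_list(values),
                    })
    return findings

# Constructed sample policies (not taken from the documentation).
RESTRICTED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "SiteWiseActions", "Effect": "Allow", "Action": "iotsitewise:*", "Resource": "*"},
        {"Sid": "OfficeOnly", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}},
    ],
})
UNRESTRICTED = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "iotsitewise:*", "Resource": "*"},
})

if __name__ == "__main__":
    for name, doc in (("RESTRICTED", RESTRICTED), ("UNRESTRICTED", UNRESTRICTED)):
        hits = find_ip_restrictions(doc)
        print(name, "->", hits if hits else "no IP conditions")
```

Run it over the policies attached to portal users and administrators before adding them; any finding marks a policy to review against the note.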