SiteWise Monitor roles
Four roles interact with SiteWise Monitor:
- Amazon administrator
The Amazon administrator uses the Amazon IoT SiteWise console to create portals. The Amazon administrator can also assign portal administrators and add portal users. Portal administrators later assign portal users to projects as owners or viewers. The Amazon administrator works exclusively in the Amazon console.
- Portal administrator
Each SiteWise Monitor portal has one or more portal administrators. Portal administrators use the portal to create projects that contain collections of assets and dashboards. The portal administrator then assigns assets and owners to each project. By controlling access to the project, portal administrators specify which assets project owners and viewers can see.
- Project owner
Each SiteWise Monitor project has owners. Project owners create visualizations in the form of dashboards to represent operational data in a consistent manner. When dashboards are ready to share, the project owner can invite viewers to the project. Project owners can also assign other owners to the project. Project owners can configure thresholds and notification settings for alarms.
- Project viewer
Each SiteWise Monitor project has viewers. Project viewers can connect to the portal to view the dashboards that project owners created. In each dashboard, project viewers can adjust the time range to better understand operational data. Project viewers can only view dashboards in the projects to which they have access. Project viewers can acknowledge and snooze alarms.
Depending on your organization, the same person might perform multiple roles.
The following image illustrates how these four roles interact in the SiteWise Monitor portal.
![Amazon IoT SiteWise Monitor roles and what they do.](images/monitor-roles.png)
You can manage who has access to your data by using IAM. Your data users can sign in to SiteWise Monitor from a desktop or mobile browser using their IAM credentials.
SAML federation
IAM supports identity federation with SAML (Security Assertion Markup Language) 2.0.
You can configure IAM to use SAML-based federation for access to your SiteWise Monitor portals.
- IAM
Your portal administrators and users can request temporary security credentials to access their assigned SiteWise Monitor portals. You create a SAML identity provider identity in IAM to set up a trust relationship between your identity provider and Amazon. For more information, see Using SAML-based federation for API access to Amazon in the IAM User Guide.
Your portal administrators and users can sign in to your company's portal and select the option to go to the Amazon Management Console. They can then navigate to their assigned SiteWise Monitor portals. Your company's portal handles the exchange of trust between your identity provider and Amazon. For more information, see Enabling SAML 2.0 federated users to access the Amazon Management Console in the IAM User Guide.
Note
When adding users or administrators to the portal, avoid creating IAM policies that restrict user permissions, such as policies that limit access by IP address. Users or administrators with such restrictive policies attached will not be able to connect to the Amazon IoT SiteWise portal.
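A pre-attachment check for the note above, as an added example that is not part of the original documentation: it scans an IAM policy document for source-IP conditions so they can be caught before the policy is attached to a portal user or administrator. The function names and the sample policy are constructed for illustration.

```python
import json

IP_OPERATORS = {"ipaddress", "notipaddress"}      # IAM IP condition operators
IP_KEYS = {"aws:sourceip", "aws:vpcsourceip"}     # global source-IP condition keys

# Constructed sample policy (not from the documentation).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowPortal", "Effect": "Allow",
         "Action": "iotsitewise:DescribePortal", "Resource": "*"},
        {"Sid": "DenyOffNetwork", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}},
    ],
})


def _as_list(value):
    """IAM allows a single object where a list is expected."""
    return value if isinstance(value, list) else [value]


def find_ip_restrictions(policy_json):
    """Return (statement label, Effect, operator, key) for each IP condition."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        label = stmt.get("Sid", "statement[%d]" % index)
        for operator, keys in stmt.get("Condition", {}).items():
            # Drop set-operator prefixes (ForAnyValue:) and the IfExists suffix.
            base = operator.lower().split(":")[-1]
            if base.endswith("ifexists"):
                base = base[: -len("ifexists")]
            for key in keys:
                if base in IP_OPERATORS or key.lower() in IP_KEYS:
                    findings.append((label, stmt.get("Effect"), operator, key))
    return findings


if __name__ == "__main__":
    for label, effect, operator, key in find_ip_restrictions(SAMPLE_POLICY):
        print("%s: %s with %s on %s" % (label, effect, operator, key))
```

Any finding means the policy should be reviewed before it is attached to an identity that needs portal access.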