This article provides a comprehensive guide for managing Amazon QuickSight users and groups using SCIM events from IAM Identity Center integrated with Azure AD.

• Configure Azure AD as external identity provider in IAM Identity Center for federated SSO
• Enable automatic SCIM provisioning between Azure AD and IAM Identity Center
• Set up SAML 2.0 federation to allow QuickSight access via Azure AD credentials
• Create Lambda function triggered by UpdateUser SCIM events to automate group membership changes
• Use EventBridge to capture SCIM events and invoke Lambda for QuickSight group updates
• Combine user attributes (department, jobTitle) into single group name for simplified management
• Synchronize user and group information automatically without manual QuickSight administration

This solution enables centralized user management where Azure AD changes automatically propagate to QuickSight group memberships through event-driven automation, eliminating manual synchronization.