AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-03-23 · Documentation low

File: cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation.md

Summary

Added guidance for configuring SAML IdP discovery via email input

Security assessment

Documents authentication flow configuration options but does not indicate a security vulnerability fix.

Diff

diff --git a/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation.md b/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation.md
index 5da4df447..8d24a99fc 100644
--- a/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation.md
+++ b/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation.md
@@ -32 +32,3 @@ The following process shows how users complete SP-initiated sign in to your user
-  1. Your user enters their email address at a sign-in page. To determine your user’s redirect to their IdP, you can collect their email address in a custom-built application or invoke managed login in web view. You can configure your managed login pages to display a list of IdPs or to only prompt for an email address.
+  1. Your user enters their email address at a sign-in page. To determine your user’s redirect to their IdP, you can collect their email address in a custom-built application or invoke managed login in web view.
+
+You can configure your managed login pages to display a list of IdPs or to prompt for an email address and match it to the identifier of your SAML IdP. To prompt for an email address, edit your managed login branding style and in **Foundation** , locate **Authentication behavior** and under **Provider display** , set **Display style** to **Domain search input**.