AWS singlesignon medium security documentation change
Summary
Changed elevated access revocation behavior to immediate access loss instead of 1-hour grace period
Security assessment
Improves security posture by eliminating delayed privilege revocation window for elevated access.
Diff
diff --git a/singlesignon/latest/userguide/temporary-elevated-access.md b/singlesignon/latest/userguide/temporary-elevated-access.md index 490cf21de..623cb6eb3 100644 --- a//singlesignon/latest/userguide/temporary-elevated-access.md +++ b//singlesignon/latest/userguide/temporary-elevated-access.md @@ -69 +69 @@ AWS Identity has validated that the temporary elevated access capabilities offer -If a user is signed in with elevated access when an approved request is revoked, their session remains active for up to one hour after the approval is revoked. For information about authentication sessions, see [Authentication in IAM Identity Center](./authconcept.html). +If a user is signed in with elevated access when an approved request is revoked, the user will immediately lose access. For information about authentication sessions, see [Authentication in IAM Identity Center](./authconcept.html).