AWS Security ChangesHomeSearch

AWS singlesignon medium security documentation change

Service: singlesignon · 2025-04-03 · Security-related medium

File: singlesignon/latest/userguide/temporary-elevated-access.md

Summary

Changed elevated access revocation behavior to immediate access loss instead of 1-hour grace period

Security assessment

Improves security posture by eliminating delayed privilege revocation window for elevated access.

Diff

diff --git a/singlesignon/latest/userguide/temporary-elevated-access.md b/singlesignon/latest/userguide/temporary-elevated-access.md
index 490cf21de..623cb6eb3 100644
--- a//singlesignon/latest/userguide/temporary-elevated-access.md
+++ b//singlesignon/latest/userguide/temporary-elevated-access.md
@@ -69 +69 @@ AWS Identity has validated that the temporary elevated access capabilities offer
-If a user is signed in with elevated access when an approved request is revoked, their session remains active for up to one hour after the approval is revoked. For information about authentication sessions, see [Authentication in IAM Identity Center](./authconcept.html). 
+If a user is signed in with elevated access when an approved request is revoked, the user will immediately lose access. For information about authentication sessions, see [Authentication in IAM Identity Center](./authconcept.html).