AWS singlesignon documentation change
Summary
Updated documentation links, session management terminology ('revokes a user's session' link), and grammatical consistency ('can't' to 'cannot')
Security assessment
Changes involve documentation link updates and grammatical improvements. While session management is security-related, there is no evidence of addressing a specific vulnerability or adding new security features. The updates clarify existing security practices but do not introduce new security documentation.
Diff
diff --git a/singlesignon/latest/userguide/authconcept.md b/singlesignon/latest/userguide/authconcept.md index b6004b05c..998d2014b 100644 --- a//singlesignon/latest/userguide/authconcept.md +++ b//singlesignon/latest/userguide/authconcept.md @@ -13 +13 @@ A user signs in to the AWS access portal using their user name. When they do, IA -There are two types of authentication sessions maintained by IAM Identity Center: one to represent the users’ sign in to IAM Identity Center, and another to represent the users’ access to AWS managed applications, such as Amazon SageMaker AI Studio or Amazon Managed Grafana. Each time a user signs in to IAM Identity Center, a sign in session is created for the duration configured in IAM Identity Center, which can be up to 90 days. For more information, see [Configure the session duration of the AWS access portal and IAM Identity Center integrated applications](./configure-user-session.html). Each time the user accesses an application, the IAM Identity Center sign in session is used to create an IAM Identity Center application session for that application. IAM Identity Center application sessions have a refreshable 1-hour lifetime – that is, IAM Identity Center application sessions are automatically refreshed every hour as long as the IAM Identity Center sign in session from which they were obtained is still valid. If the user signs out using the AWS access portal, the user's sign in session ends. The next time application refreshes its session, the application session will end. +There are two types of authentication sessions maintained by IAM Identity Center: one to represent the users’ sign in to IAM Identity Center, and another to represent the users’ access to AWS managed applications, such as Amazon SageMaker AI Studio or Amazon Managed Grafana. Each time a user signs in to IAM Identity Center, a sign in session is created for the duration configured in IAM Identity Center, which can be up to 90 days. For more information, see [Configure the session duration in IAM Identity Center](./configure-user-session.html). Each time the user accesses an application, the IAM Identity Center sign in session is used to create an IAM Identity Center application session for that application. IAM Identity Center application sessions have a refreshable 1-hour lifetime – that is, IAM Identity Center application sessions are automatically refreshed every hour as long as the IAM Identity Center sign in session from which they were obtained is still valid. If the user signs out using the AWS access portal, the user's sign in session ends. The next time application refreshes its session, the application session will end. @@ -23 +23 @@ When an IAM Identity Center administrator [deletes](./deleteusers.html) or [disa -When an IAM Identity Center administrator [revokes a user's session](./delete-user-session.html) or when a user signs out, the user will immediately lose access to the AWS access portal and be required to sign back in to start a new application or IAM role session. The user will lose access to existing application sessions within 30 minutes. Any existing IAM role sessions will continue based on the session duration configured in the IAM Identity Center permission set. The maximum session duration can be 12 hours. +When an IAM Identity Center administrator [revokes a user's session](./end-active-sessions.html) or when a user signs out, the user will immediately lose access to the AWS access portal and be required to sign back in to start a new application or IAM role session. The user will lose access to existing application sessions within 30 minutes. Any existing IAM role sessions will continue based on the session duration configured in the IAM Identity Center permission set. The maximum session duration can be 12 hours. @@ -27 +27 @@ The following table summarizes the previously described IAM Identity Center beha -Action | User loses IAM Identity Center access | User can't create new application sessions | User can't access existing application sessions | User loses access to existing AWS account sessions +Action | User loses IAM Identity Center access | User cannot create new application sessions | User cannot access existing application sessions | User loses access to existing AWS account sessions @@ -38 +38 @@ The following table summarizes the previously described IAM Identity Center beha -Action | User loses IAM Identity Center access | User can't create new application sessions | User can't access existing application sessions | User loses access to existing AWS account sessions +Action | User loses IAM Identity Center access | User cannot create new application sessions | User cannot access existing application sessions | User loses access to existing AWS account sessions