AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-08-13 · Documentation low

File: singlesignon/latest/userguide/prereqs-revoking-user-permissions.md

Summary

Updated documentation references and grammatical corrections (changed 'they're' to 'they are' and 'it's' to 'it is'). Changed link from 'revoke-user-permissions.html' to 'end-active-sessions.html'.

Security assessment

Changes are grammatical improvements and documentation reference updates. No direct security vulnerability fixes or new security features documented. The content continues to describe existing revocation procedures without altering security implications.

Diff

diff --git a/singlesignon/latest/userguide/prereqs-revoking-user-permissions.md b/singlesignon/latest/userguide/prereqs-revoking-user-permissions.md
index e5a470f82..ca5caa9d4 100644
--- a//singlesignon/latest/userguide/prereqs-revoking-user-permissions.md
+++ b//singlesignon/latest/userguide/prereqs-revoking-user-permissions.md
@@ -13 +13 @@ You might need to revoke an IAM Identity Center user’s access to AWS accounts
-You can prevent the user from taking actions with an IAM role they're actively using by applying a deny all policy for a specific user through the use of a Service Control Policy You can also prevent a user from using any permission set until you change their password, which removes a bad actor actively misusing stolen credentials. If you need to deny access broadly and prevent a user from re-entering a permission set or accessing other permission sets, you might also remove all user access, stop the active AWS access portal session, and disable the user sign-in. See [Revoke active IAM role sessions created by permission sets](./revoke-user-permissions.html) to learn how to use the Deny policy in conjunction with additional actions for broader access revocation.
+You can prevent the user from taking actions with an IAM role they are actively using by applying a deny all policy for a specific user through the use of a Service Control Policy You can also prevent a user from using any permission set until you change their password, which removes a bad actor actively misusing stolen credentials. If you need to deny access broadly and prevent a user from re-entering a permission set or accessing other permission sets, you might also remove all user access, stop the active AWS access portal session, and disable the user sign-in. See [View and end active sessions for your workforce users](./end-active-sessions.html) to learn how to use the Deny policy in conjunction with additional actions for broader access revocation.
@@ -45 +45 @@ JSON
-Although you could use another condition key such as `“aws:userId”`, `“identitystore:userId”` is certain because it's a globally unique value that's associated with one person. Using `“aws:userId”` in the condition can be affected by how user attributes are synchronized from your source of identities and can change if the user’s username or email address changes.
+Although you could use another condition key such as `“aws:userId”`, `“identitystore:userId”` is certain because it is a globally unique value that is associated with one person. Using `“aws:userId”` in the condition can be affected by how user attributes are synchronized from your source of identities and can change if the user’s username or email address changes.