AWS singlesignon documentation change
Summary
Clarified user permission propagation timing and updated table descriptions
Security assessment
Added a note about AWS access portal and CLI reflecting permission changes within 1 hour. This documents security-relevant behavior around permission propagation but does not indicate a security issue fix.
Diff
diff --git a/singlesignon/latest/userguide/authconcept.md b/singlesignon/latest/userguide/authconcept.md index 998d2014b..1cf514157 100644 --- a//singlesignon/latest/userguide/authconcept.md +++ b//singlesignon/latest/userguide/authconcept.md @@ -25 +25 @@ When an IAM Identity Center administrator [revokes a user's session](./end-activ -The following table summarizes the previously described IAM Identity Center behaviors: +This table summarizes how user management changes affect access to IAM resources, application sessions, and AWS account sessions. @@ -36 +36 @@ When an IAM Identity Center administrator [removes application access](./removea -The following table summarizes the previously described IAM Identity Center behaviors: +This table summarizes how changes to user permissions and group memberships affect access to IAM Identity Center resources, application sessions, and AWS account sessions. @@ -43,0 +44,4 @@ Application or AWS account access removed from group | No - User can continue ac +###### Note + +The AWS access portal and AWS CLI will reflect updated user permissions within 1 hour after you add or remove a user from a group. +