AWS Security ChangesHomeSearch

AWS bedrock-agentcore medium security documentation change

Service: bedrock-agentcore · 2025-10-01 · Security-related medium

File: bedrock-agentcore/latest/devguide/identity-idp-microsoft.md

Summary

Updated Microsoft Entra ID integration documentation with multi-tenant requirement, token version support details, and configuration specifics for different token types

Security assessment

Added explicit requirement for multi-tenant applications and stricter token validation (removed clientId validation, focused on aud claims). Specified token version handling and discovery URL formats to prevent misconfiguration. These changes address potential authentication bypass risks through proper token validation and configuration guidance.

Diff

diff --git a/bedrock-agentcore/latest/devguide/identity-idp-microsoft.md b/bedrock-agentcore/latest/devguide/identity-idp-microsoft.md
index 80ac403e8..4a46a6f17 100644
--- a//bedrock-agentcore/latest/devguide/identity-idp-microsoft.md
+++ b//bedrock-agentcore/latest/devguide/identity-idp-microsoft.md
@@ -11 +11 @@ Amazon Bedrock AgentCore is in preview release and is subject to change.
-Microsoft can be set up as an inbound provider using Microsoft Entra ID or as an outbound provider.
+You can set up Microsoft as an inbound or outbound provider using Microsoft Entra ID.
@@ -15 +15 @@ To add Microsoft Entra ID as an identity provider for accessing AgentCore Gatewa
-  * Configure discovery URL from your IDP directory. This helps AgentCore Identity get the metadata related to your OAuth authorization server and token verification keys.
+  * Configure discovery URL for your Microsoft Entra ID Tenant. This helps AgentCore Identity get the metadata related to your OAuth authorization server and token verification keys.
@@ -17 +17 @@ To add Microsoft Entra ID as an identity provider for accessing AgentCore Gatewa
-  * Provide valid `clientId` or `aud` claims for the token. This helps validate the tokens coming from your IDP and allow access for tokens that contain expected claims.
+  * Provide valid `aud` claims for the token. This helps validate the tokens coming from your IDP and allows access for tokens that contain the expected claims.
@@ -23,0 +24,2 @@ You can configure these as part of configuration of Gateway and Runtime inbound
+Before configuring Microsoft Entra ID as your identity provider, we recommend completing the basic setup steps outlined in [Getting started with Amazon Bedrock AgentCore Identity](./identity-getting-started.html). This ensures your development environment and SDK are properly configured before adding identity provider integration.
+
@@ -26 +28,17 @@ You can configure these as part of configuration of Gateway and Runtime inbound
-We support Microsoft Entra ID for v2.0 Id Tokens.
+We support Microsoft Entra ID for v1.0 and v2.0 Access and ID tokens that do not have any custom claims. You can determine which token versions your entra application is issuing by parsing the JWT and looking at the `ver` claim.
+
+###### Note
+
+**Multi-tenant application requirement:** AgentCore currently supports only multi-tenant Microsoft Entra applications. Single-tenant applications are not supported at this time. When configuring your Microsoft Entra application, ensure that it is set up as a multi-tenant application to work with AgentCore identity services.
+
+For all token types, in your custom authorizer:
+
+  * **Discovery URL** : Discovery URL should be one of the following:
+
+    * For v1.0 tokens use: `https://login.microsoftonline.com/${tenantId}/.well-known/openid-configuration`
+
+    * For v2.0 tokens use: `https://login.microsoftonline.com/${tenantId}/v2.0/.well-known/openid-configuration`
+
+  * **Allowed audiences** : `aud` should be the Application Id.
+
+
@@ -28 +45,0 @@ We support Microsoft Entra ID for v2.0 Id Tokens.
-### Configurations for v2.0 Id Tokens
@@ -30 +47,14 @@ We support Microsoft Entra ID for v2.0 Id Tokens.
-In custom authorizer:
+### Configurations specific for v1.0 Access Tokens
+
+When fetching the token from Microsoft Entra:
+
+  * Include in authorization URL a scope like `{entra-application-id}/.default` alongside any other scopes your application might require. This allows Microsoft to know that you intend to use the access token against resources other than Microsoft's Graph API and will result in a token that can be validated by AgentCore Identity.
+
+
+
+
+### Configurations Specific for v2.0 AccessTokens
+
+On Microsoft Entra:
+
+  * While configuring the application, go to the Application Manifest and add `accessTokenAcceptedVersion=2`.
@@ -32 +62 @@ In custom authorizer:
-  * **Discovery URL** : Discovery URL should be of the form: `https://login.microsoftonline.com/${tenantId}/v2.0/.well-known/openid-configuration`
+  * On the application, expose an API. The application ID URI and scopes can be whatever is necessary for your application; but, the scope must be included in the authorization URL when retrieving the access token.
@@ -34 +63,0 @@ In custom authorizer:
-  * **Allowed audiences** : `aud` should be the Application Id
@@ -37,0 +67 @@ In custom authorizer:
+### Configurations Specific for v1.0 and v2.0 Id Tokens