AWS singlesignon medium security documentation change
Summary
Updated title, corrected product name, removed reference to IAM users, added guidance on identity management strategy, updated 'Learn more' links, and changed section title.
Security assessment
The change removes mention of using IAM users for AWS account access, promoting federation instead. This addresses security best practices by discouraging use of IAM users (which pose risks from long-lived credentials) and emphasizes secure identity federation. The removal of MFA documentation links could reduce security visibility but lacks explicit vulnerability context.
Diff
diff --git a/singlesignon/latest/userguide/identities.md b/singlesignon/latest/userguide/identities.md index a34d77dc8..8bba4eae4 100644 --- a//singlesignon/latest/userguide/identities.md +++ b//singlesignon/latest/userguide/identities.md @@ -5 +5 @@ -# Connect workforce users +# Set up your workforce in IAM Identity Center @@ -7 +7 @@ -IAM Identity Center is the AWS solution for connecting your workforce users to AWS managed applications such as Amazon Q Developer and Amazon QuickSight, and other AWS resources. You can connect your existing identity provider and synchronize users and groups from your directory, or create and manage your users directly in IAM Identity Center. +IAM Identity Center is the AWS solution for connecting your workforce users to AWS managed applications such as Amazon Q Developer and Amazon Quick Suite, and other AWS resources. You can connect your existing identity provider and synchronize users and groups from your directory, or create and manage your users directly in IAM Identity Center. @@ -11 +11,3 @@ IAM Identity Center is the AWS solution for connecting your workforce users to A -You don’t need to make any changes to your current AWS account workflows to use IAM Identity Center for access to AWS managed applications. If you’re using [federation with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers.html#id_roles_providers_iam) or IAM users for AWS account access, your users can continue to access AWS accounts in the same way they always have, and you can continue to use your existing workflows to manage that access. +You don’t need to make any changes to your current AWS account workflows to use IAM Identity Center for access to AWS managed applications. If you’re using [federation with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers.html#id_roles_providers_iam) for AWS account access, your users can continue to access AWS accounts in the same way they always have, and you can continue to use your existing workflows to manage that access. + +Choose the approach that best fits your organization's identity management strategy and existing infrastructure. @@ -19,5 +21 @@ You don’t need to make any changes to your current AWS account workflows to us - * [Configure the session duration in IAM Identity Center](./configure-user-session.html) - - * [Using the AWS access portal](./using-the-portal.html) - - * [Multi-factor authentication for Identity Center users](./enable-mfa.html) + * [Manage users in the Identity Center directory](./manage-your-identity-source-sso.html) @@ -34 +32 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Revoke access for deleted users +Identity Center directory