AWS singlesignon documentation change
Summary
Updated MFA documentation link anchor text and clarified MFA context
Security assessment
Clarifies MFA-related user authentication requirements but does not address a new vulnerability or introduce security features.
Diff
diff --git a/singlesignon/latest/userguide/troubleshooting.md b/singlesignon/latest/userguide/troubleshooting.md index 7d10a9a9b..1145f7fd4 100644 --- a//singlesignon/latest/userguide/troubleshooting.md +++ b//singlesignon/latest/userguide/troubleshooting.md @@ -159 +159 @@ The solution is to review your identity source's attributes and ensure they are -Users might not be able to sign in to the AWS access portal based on the format they use to enter in their user name on the sign in page. For the most part, users can sign in to the user portal using either their plain user name, their down-level logon name (DOMAIN\UserName) or their UPN logon name (`[email protected]`). The exception to this is when IAM Identity Center is using a connected directory that has been enabled with MFA and the verification mode has been set to either **Context-aware** or **Always-on**. In this scenario, users must sign in with their down-level logon name (DOMAIN\UserName). For more information, see [Multi-factor authentication for Identity Center users](./enable-mfa.html). For general information about user name formats used to sign in to Active Directory, see [User Name Formats](https://docs.microsoft.com/en-us/windows/desktop/secauthn/user-name-formats) on the Microsoft documentation website. +Users might not be able to sign in to the AWS access portal based on the format they use to enter in their user name on the sign in page. For the most part, users can sign in to the user portal using either their plain user name, their down-level logon name (DOMAIN\UserName) or their UPN logon name (`[email protected]`). The exception to this is when IAM Identity Center is using a connected directory that has been enabled with MFA and the verification mode has been set to either **Context-aware** or **Always-on**. In this scenario, users must sign in with their down-level logon name (DOMAIN\UserName). For more information, see [MFA for Identity Center directory users](./enable-mfa.html). For general information about user name formats used to sign in to Active Directory, see [User Name Formats](https://docs.microsoft.com/en-us/windows/desktop/secauthn/user-name-formats) on the Microsoft documentation website.