AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-10-25 · Documentation low

File: cognito/latest/developerguide/cognito-user-pools-managed-login.md

Summary

Added clarification on managed login scope, including unsupported features like profile management and MFA preference changes.

Security assessment

This change clarifies functional limitations of managed login but does not address a specific security vulnerability or introduce new security features. It informs developers of responsibilities but lacks direct security implications.

Diff

diff --git a/cognito/latest/developerguide/cognito-user-pools-managed-login.md b/cognito/latest/developerguide/cognito-user-pools-managed-login.md
index d59e3314e..d20ffb932 100644
--- a//cognito/latest/developerguide/cognito-user-pools-managed-login.md
+++ b//cognito/latest/developerguide/cognito-user-pools-managed-login.md
@@ -237,0 +238,4 @@ For user pool [local users](./cognito-terms.html#terms-localuser), managed login
+###### Managed login scope of operations
+
+Managed login and the classic hosted UI support sign-up, sign-in, and password management. This includes completing sign-in with multi-factor authentication (MFA) and registration of webAuthn authenticators. Managed login doesn't support user self-service profile management like attribute changes and setting of MFA preference. You must implement profile management in your own application code. Managed login also doesn't provide the capacity to confirm attribute changes when you update email addresses and phone numbers as an administrator with the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API operation.
+