AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-11-07 · Documentation low

File: prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md

Summary

Fixed markdown formatting for permission sets link by removing trailing period inside link markup

Security assessment

Change only corrects markdown syntax formatting of a documentation link. No security implications or content changes.

Diff

diff --git a/prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md b/prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md
index 3b594e462..0d0349fe1 100644
--- a//prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md
+++ b//prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md
@@ -64 +64 @@ You can also connect your existing Microsoft Active Directory to IAM Identity Ce
-  * IAM Identity Center doesn't currently support the use of idle timeout, where the user's session times out or is extended based on activity. It does support [session duration](https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html) for the AWS access portal and IAM Identity Center integrated applications. You can configure session duration between 15 minutes and 90 days. You can [view and delete active AWS access portal sessions for IAM Identity Center users](https://docs.aws.amazon.com/singlesignon/latest/userguide/delete-user-session.html). However, modifying and ending AWS access portal sessions have no effect on the session duration of the AWS Management Console, which is defined in [permission sets.](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html)
+  * IAM Identity Center doesn't currently support the use of idle timeout, where the user's session times out or is extended based on activity. It does support [session duration](https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html) for the AWS access portal and IAM Identity Center integrated applications. You can configure session duration between 15 minutes and 90 days. You can [view and delete active AWS access portal sessions for IAM Identity Center users](https://docs.aws.amazon.com/singlesignon/latest/userguide/delete-user-session.html). However, modifying and ending AWS access portal sessions have no effect on the session duration of the AWS Management Console, which is defined in [permission sets](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html).
@@ -122 +122 @@ We recommend that you use IAM Identity Center with an external IdP. However, if
-  * IAM Identity Center is a workforce identity management service, so it requires human interaction to complete the authentication process for programmatic access. If you need short-term credentials for machine-to-machine authentication, explore Amazon [EC2 instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)s for workloads in AWS or [IAM Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html) for workloads outside AWS.
+  * IAM Identity Center is a workforce identity management service, so it requires human interaction to complete the authentication process for programmatic access. If you need short-term credentials for machine-to-machine authentication, explore [EC2 instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html) for workloads in AWS or [IAM Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html) for workloads outside AWS.
@@ -124 +124 @@ We recommend that you use IAM Identity Center with an external IdP. However, if
-  * IAM Identity Center provides access to resources in AWS accounts within your organizations. However, if you want to provide single sign-on access to external accounts (that is, AWS accounts outside your organisation) by using IAM Identity Center without inviting those accounts into your organizations, you can [configure the external accounts as SAML applications in IAM Identity Center.](https://static.global.sso.amazonaws.com/app-4a24b6fe5e450fa2/instructions/index.htm)
+  * IAM Identity Center provides access to resources in AWS accounts within your organizations. However, if you want to provide single sign-on access to external accounts (that is, AWS accounts outside your organisation) by using IAM Identity Center without inviting those accounts into your organizations, you can [configure the external accounts as SAML applications in IAM Identity Center](https://static.global.sso.amazonaws.com/app-4a24b6fe5e450fa2/instructions/index.htm).
@@ -126 +126 @@ We recommend that you use IAM Identity Center with an external IdP. However, if
-  * IAM Identity Center supports integration with temporary elevated access management (TEAM) solutions (also known as just-in-time access). This integration provides time-bound elevated access to your multi-account AWS environment at scale. Temporary elevated access allows users to request access to perform a specific task for a specific period of time. An approver reviews each request and decides whether to approve or reject it. IAM Identity Center supports both vendor-managed TEAM solutions from [supported AWS security partners](https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html#validatedpartners) or [self-managed solution](https://aws-samples.github.io/iam-identity-center-team/)s, which you maintain and tailor to address your time-bound access requirements.
+  * IAM Identity Center supports integration with temporary elevated access management (TEAM) solutions (also known as just-in-time access). This integration provides time-bound elevated access to your multi-account AWS environment at scale. Temporary elevated access allows users to request access to perform a specific task for a specific period of time. An approver reviews each request and decides whether to approve or reject it. IAM Identity Center supports both vendor-managed TEAM solutions from [supported AWS security partners](https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html#validatedpartners) or [self-managed solutions](https://aws-samples.github.io/iam-identity-center-team/), which you maintain and tailor to address your time-bound access requirements.