AWS singlesignon medium security documentation change
Summary
Added member account access notes, new User attributes (Birthdate/Photos/UserStatus/Website), and KMS error reason documentation
Security assessment
Includes security-related documentation about access control boundaries for member accounts and adds KMS-specific error reasons. The Photos attribute with storage of image URLs and new audit fields (CreatedAt/UpdatedBy) improve security visibility. KMS error details help identify encryption-related permission issues.
Diff
diff --git a/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.md b/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.md index c3340785d..ce58d60b4 100644 --- a//singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.md +++ b//singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.md @@ -8,0 +9,6 @@ Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSe +Lists all users in the identity store. Returns a paginated list of complete `User` objects. Filtering for a `User` by the `UserName` attribute is deprecated. Instead, use the `GetUserId` API action. + +###### Note + +If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the _AWS IAM Identity Center User Guide_. + @@ -98,0 +105,3 @@ Required: No + "[Birthdate](./API_User.html#singlesignon-Type-User-Birthdate)": "**_string_** ", + "[CreatedAt](./API_User.html#singlesignon-Type-User-CreatedAt)": **_number_** , + "[CreatedBy](./API_User.html#singlesignon-Type-User-CreatedBy)": "**_string_** ", @@ -130,0 +140,8 @@ Required: No + "[Photos](./API_User.html#singlesignon-Type-User-Photos)": [ + { + "[Display](./API_Photo.html#singlesignon-Type-Photo-Display)": "**_string_** ", + "[Primary](./API_Photo.html#singlesignon-Type-Photo-Primary)": **_boolean_** , + "[Type](./API_Photo.html#singlesignon-Type-Photo-Type)": "**_string_** ", + "[Value](./API_Photo.html#singlesignon-Type-Photo-Value)": "**_string_** " + } + ], @@ -134,0 +152,2 @@ Required: No + "[UpdatedAt](./API_User.html#singlesignon-Type-User-UpdatedAt)": **_number_** , + "[UpdatedBy](./API_User.html#singlesignon-Type-User-UpdatedBy)": "**_string_** ", @@ -137 +156,3 @@ Required: No - "[UserType](./API_User.html#singlesignon-Type-User-UserType)": "**_string_** " + "[UserStatus](./API_User.html#singlesignon-Type-User-UserStatus)": "**_string_** ", + "[UserType](./API_User.html#singlesignon-Type-User-UserType)": "**_string_** ", + "[Website](./API_User.html#singlesignon-Type-User-Website)": "**_string_** " @@ -174,0 +196,5 @@ You do not have sufficient access to perform this action. +**Reason** + + +Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included. + @@ -203,0 +230,5 @@ Indicates that a requested resource is not found. +**Reason** + + +Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. + @@ -225,0 +257,5 @@ Indicates that the principal has crossed the throttling limits of the API operat +**Reason** + + +Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. + @@ -242,0 +279,5 @@ The request failed because it contains a syntax error. +**Reason** + + +Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. +