AWS singlesignon documentation change
Summary
Multiple terminology updates replacing 'AWS Directory Service' with 'Directory Service' in trust relationship context
Security assessment
Changes focus on product name standardization rather than modifying security guidance. The security-related content about two-way trusts and userAccountControl permissions remains functionally unchanged, only terminology is updated.
Diff
diff --git a/singlesignon/latest/userguide/connectonpremad.md b/singlesignon/latest/userguide/connectonpremad.md index 6f4bf2914..cba0fad21 100644 --- a//singlesignon/latest/userguide/connectonpremad.md +++ b//singlesignon/latest/userguide/connectonpremad.md @@ -11 +11 @@ Users in your self-managed directory in Active Directory (AD) can also have sing -AWS IAM Identity Center requires a two-way trust so that it has permissions to read user and group information from your domain to synchronize user and group metadata. IAM Identity Center uses this metadata when assigning access to permission sets or applications. User and group metadata is also used by applications for collaboration, like when you share a dashboard with another user or group. The trust from AWS Directory Service for Microsoft Active Directory to your domain permits IAM Identity Center to trust your domain for authentication. The trust in the opposite direction grants AWS permissions to read user and group metadata. +AWS IAM Identity Center requires a two-way trust so that it has permissions to read user and group information from your domain to synchronize user and group metadata. IAM Identity Center uses this metadata when assigning access to permission sets or applications. User and group metadata is also used by applications for collaboration, like when you share a dashboard with another user or group. The trust from Directory Service for Microsoft Active Directory to your domain permits IAM Identity Center to trust your domain for authentication. The trust in the opposite direction grants AWS permissions to read user and group metadata. @@ -17 +17 @@ For more information about setting up a two-way trust, see [When to Create a Tru -In order to use AWS applications, like IAM Identity Center to read AWS Directory Service directory users from trusted domains, the AWS Directory Service accounts require permissions to the userAccountControl attribute on the trusted users. Without read permissions to this attribute, AWS applications are unable to determine if the account is enabled or disabled. +In order to use AWS applications, like IAM Identity Center to read Directory Service directory users from trusted domains, the Directory Service accounts require permissions to the userAccountControl attribute on the trusted users. Without read permissions to this attribute, AWS applications are unable to determine if the account is enabled or disabled. @@ -25 +25 @@ Read access to this attribute is provided by default when a trust is created. If - * If you use AD Connector to connect your Active Directory Domain Service to IAM Identity Center, IAM Identity Center only has access to the users and groups of the single domain to which AD Connector attaches. If you need to support multiple domains or forests, use AWS Directory Service for Microsoft Active Directory. + * If you use AD Connector to connect your Active Directory Domain Service to IAM Identity Center, IAM Identity Center only has access to the users and groups of the single domain to which AD Connector attaches. If you need to support multiple domains or forests, use Directory Service for Microsoft Active Directory.