AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-12-07 · Documentation medium

File: singlesignon/latest/developerguide/createuser.md

Summary

Added constraints for 'roles' attribute in SCIM user creation and example role configurations

Security assessment

Clarifies role assignment constraints which helps prevent misconfigurations but doesn't address active vulnerabilities

Diff

diff --git a/singlesignon/latest/developerguide/createuser.md b/singlesignon/latest/developerguide/createuser.md
index 001d8a0a5..03c55d82d 100644
--- a//singlesignon/latest/developerguide/createuser.md
+++ b//singlesignon/latest/developerguide/createuser.md
@@ -32 +32 @@ The IAM Identity Center SCIM implementation has the following constraints for th
-  * We do not support multiple values in multi-value attributes (such as `emails`, `addresses`, `phoneNumbers`). Only single values are permitted. 
+  * We do not support multiple values in multi-value attributes (such as `emails`, `addresses`, `phoneNumbers`, `roles`). Only single values are permitted. 
@@ -39,0 +40,2 @@ The IAM Identity Center SCIM implementation has the following constraints for th
+  * The `roles` attribute value cannot contain display field, only `value`, `type`, and `primary` are supported.
+
@@ -105,0 +108,7 @@ Following are example requests and responses for this API operation.
+      "roles": [
+        {
+            "value": "Researcher",
+            "type": "work",
+            "primary": true
+        }
+      ],
@@ -185,0 +195,7 @@ Following are example requests and responses for this API operation.
+        "roles": [
+            {
+                "value": "Researcher",
+                "type": "work",
+                "primary": true
+            }
+        ],