AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-12-10 · Documentation low

File: singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.md

Summary

Added 'Extensions' parameter to support enterprise attributes in user creation. Updated ConflictException error description to clarify KMS key access issues.

Security assessment

The change adds enterprise attribute extensions but doesn't address any security vulnerability. The error message update clarifies KMS access issues but doesn't indicate a security fix.

Diff

diff --git a/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.md b/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.md
index 15aa9eb57..81d023270 100644
--- a//singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.md
+++ b//singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.md
@@ -35,0 +36,3 @@ Creates a user within the specified identity store.
+       "Extensions": { 
+          "string" : JSON value 
+       },
@@ -124,0 +128,15 @@ Required: No
+**Extensions **
+    
+
+A map with additional attribute extensions for the user. Each map key corresponds to an extension name, while map values represent extension data in `Document` type (not supported by Java V1, Go V1 and older versions of the AWS CLI). `aws:identitystore:enterprise` is the only supported extension name.
+
+Type: String to JSON value map
+
+Map Entries: Maximum number of 10 items.
+
+Key Length Constraints: Minimum length of 1. Maximum length of 50.
+
+Key Pattern: `aws:identitystore:[a-z]{1,20}`
+
+Required: No
+
@@ -358,8 +376 @@ This request cannot be completed for one of the following reasons:
-This request cannot be completed for one of the following reasons:
-
-  * Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
-  * The requested resource was being concurrently modified by another request.
-
-
-
+Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
@@ -522 +533,13 @@ This example creates a new user in the specified identity store.
-        "Timezone": "pdt"
+        "Timezone": "pdt",
+        "Extensions": {
+            "aws:identitystore:enterprise": {
+                "employeeNumber": "701984",
+                "costCenter": "4130",
+                "organization": "Universal Studios",
+                "division": "Theme Park",
+                "department": "Tour Operations",
+                "manager": {
+                    "value": "a1b2c3d4-5678-90ab-cdef-EXAMPLE44444"
+                }
+            }
+        }