AWS singlesignon documentation change
Summary
Added note to sync groups directly from trusted on-premises domains instead of AWS Managed Microsoft AD to ensure successful synchronization
Security assessment
Documents identity synchronization best practice to prevent access failures. Addresses potential misconfiguration but not specific vulnerabilities.
Diff
diff --git a/singlesignon/latest/userguide/manage-sync-add-users-groups-configurable-ADsync.md b/singlesignon/latest/userguide/manage-sync-add-users-groups-configurable-ADsync.md index 26d2e46b2..5f34117b4 100644 --- a//singlesignon/latest/userguide/manage-sync-add-users-groups-configurable-ADsync.md +++ b//singlesignon/latest/userguide/manage-sync-add-users-groups-configurable-ADsync.md @@ -6,0 +7,4 @@ +###### Note + +When adding groups to your sync scope, sync groups directly from the trusted on-premises domain rather than from groups in the AWS Managed Microsoft AD domain. Groups synced directly from the trusted domain contain actual user objects that IAM Identity Center can access and synchronize successfully. +