AWS quicksuite medium security documentation change
Summary
Clarified IAM Identity Center authentication steps and identity propagation requirements
Security assessment
Explicit user-email mapping and SCIM propagation requirements prevent identity synchronization failures that could cause unauthorized Teams access.
Diff
diff --git a/quicksuite/latest/userguide/teams-extension.md b/quicksuite/latest/userguide/teams-extension.md index 5720d041e..c07be618d 100644 --- a//quicksuite/latest/userguide/teams-extension.md +++ b//quicksuite/latest/userguide/teams-extension.md @@ -57 +57 @@ If you configured the authentication to connect to Amazon Quick Suite with IAM I - 2. Ensure that every user under your Entra ID or Okta provider configuration has an email associated with them. + 2. If you are connecting an external IAM provider to IAM Identity Center, ensure that every user under your IAM provider configuration has an email associated with them. @@ -59 +59 @@ If you configured the authentication to connect to Amazon Quick Suite with IAM I - 3. If using Entra ID, set up SCIM identity propagation between the Microsoft Entra ID instance and IAM Identity Center. For detailed steps, see [Configure SAML and SCIM with Microsoft Entra ID and IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html). + 3. If you are using Entra ID, set up SCIM identity propagation between the Microsoft Entra ID instance and IAM Identity Center. For detailed steps, see [Configure SAML and SCIM with Microsoft Entra ID and IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html).