AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2026-01-28 · Documentation low

File: singlesignon/latest/userguide/enable-identity-center-portal-access.md

Summary

Expanded allow list documentation with dual-stack endpoints and combined IPv4/dual-stack entries for web content filtering.

Security assessment

Adds documentation for network security controls (allow lists) but doesn't address a specific vulnerability. Enhances security posture by clarifying endpoint requirements.

Diff

diff --git a/singlesignon/latest/userguide/enable-identity-center-portal-access.md b/singlesignon/latest/userguide/enable-identity-center-portal-access.md
index da1096a15..f30e51877 100644
--- a//singlesignon/latest/userguide/enable-identity-center-portal-access.md
+++ b//singlesignon/latest/userguide/enable-identity-center-portal-access.md
@@ -17 +17,3 @@ If you filter access to specific AWS domains or URL endpoints by using a web con
-The following list provides the domains and URL endpoints to add to your web-content filtering solution allowlists.
+The following list provides the IPv4 and dual-stack domains and URL endpoints to add to your web-content filtering solution allowlists.
+
+###### IPv4 allow list
@@ -49,0 +52,82 @@ The following list provides the domains and URL endpoints to add to your web-con
+###### Dual-stack allow list
+
+  * `ssoins-`[IdC Instance ID]`.portal.`[Region]`.app.aws`
+
+  * `*.aws.dev`
+
+  * `*.awsstatic.com`
+
+  * `*.console.aws.a2z.com`
+
+  * `oidc.`[Region]`.api.aws`
+
+  * `sso.`[Region]`.api.aws`
+
+  * `portal.sso.`[Region]`.api.aws`
+
+  * ``[Region]`.sso.signin.aws`
+
+  * ``[Region]`.signin.aws.amazon.com`
+
+  * `signin.aws.amazon.com`
+
+  * `*.cloudfront.net`
+
+  * `cdn.us-east-1.threat-mitigation.aws.amazon.com`
+
+  * `us-east-1.threat-mitigation.aws.amazon.com`
+
+  * `amcs-captcha-prod-us-east-1.s3.dualstack.us-east-1.amazonaws.com`
+
+
+
+
+###### Combined allow list (IPv4 + Dual-stack with backward compatibility)
+
+  * ``[Directory ID or alias]`.awsapps.com`
+
+  * `ssoins-`[IdC Instance ID]`.portal.`[Region]`.app.aws`
+
+  * `*.aws.dev`
+
+  * `*.awsstatic.com`
+
+  * `*.console.aws.a2z.com`
+
+  * `oidc.`[Region]`.amazonaws.com`
+
+  * `oidc.`[Region]`.api.aws`
+
+  * `*.sso.amazonaws.com`
+
+  * `*.sso.`[Region]`.amazonaws.com`
+
+  * `sso.`[Region]`.api.aws`
+
+  * `*.sso-portal.`[Region]`.amazonaws.com`
+
+  * `portal.sso.`[Region]`.api.aws`
+
+  * ``[Region]`.prod.pr.panorama.console.api.aws/panoramaroute`
+
+  * ``[Region]`.signin.aws`
+
+  * ``[Region]`.sso.signin.aws`
+
+  * ``[Region]`.signin.aws.amazon.com`
+
+  * `signin.aws.amazon.com`
+
+  * `*.cloudfront.net`
+
+  * `opfcaptcha-prod.s3.amazonaws.com`
+
+  * `cdn.us-east-1.threat-mitigation.aws.amazon.com`
+
+  * `us-east-1.threat-mitigation.aws.amazon.com`
+
+  * `amcs-captcha-prod-us-east-1.s3.dualstack.us-east-1.amazonaws.com`
+
+
+
+