AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2026-03-22 · Documentation low

File: singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md

Summary

Updated SAML provider ARN placeholder and expanded allowed audiences

Security assessment

Improved documentation for secure SAML configuration by using proper placeholders and expanding valid audience URIs. Enhances security best practice guidance but doesn't fix active vulnerabilities.

Diff

diff --git a/singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md b/singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md
index c618f756a..e33113f3b 100644
--- a//singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md
+++ b//singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md
@@ -37 +37 @@ JSON
-                "Federated":"arn:aws:iam::123456789012:saml-provider/Okta"
+                "Federated":"arn:aws:iam::123456789012:saml-provider/[SAML PROVIDER NAME]"
@@ -45 +45,6 @@ JSON
-                   "SAML:aud": "https://signin.aws.amazon.com/saml"
+                   "SAML:aud": [
+                            "https://signin.aws.amazon.com/saml",
+                            "https://us-west-2.signin.aws.amazon.com/saml",
+                            "https://us-west-1.signin.aws.amazon.com/saml",
+                            "https://us-east-2.signin.aws.amazon.com/saml"
+                   ]