AWS controltower documentation change
Summary
Clarified that SSO user parameters are not used when IAM Identity Center is disabled, and added guidance about placeholder values.
Security assessment
This is a routine documentation clarification about feature behavior when IAM Identity Center is disabled. No security vulnerabilities or incidents are mentioned, and it doesn't add security documentation.
Diff
diff --git a/controltower/latest/userguide/automated-provisioning-walkthrough.md b/controltower/latest/userguide/automated-provisioning-walkthrough.md index 79a4f7c98..7f8904187 100644 --- a//controltower/latest/userguide/automated-provisioning-walkthrough.md +++ b//controltower/latest/userguide/automated-provisioning-walkthrough.md @@ -15 +15 @@ AWS Control Tower is integrated with several other AWS services, such as AWS Ser -If you have opted out of IAM Identity Center in your landing zone settings, values you provide during account provisioning with the AWS Service Catalog APIs or console are not used. +If you have disabled IAM Identity Center in your landing zone settings, the SSO user parameters (`SSOUserEmail`, `SSOUserFirstName`, and `SSOUserLastName`) are not used during account provisioning. If desired, you can provide placeholder values for these required parameters and modify them later by following the instructions in [Update the provisioned product in Service Catalog](./update-provisioned-product.html).