AWS Security ChangesHomeSearch

AWS controltower documentation change

Service: controltower · 2026-04-19 · Documentation low

File: controltower/latest/userguide/automated-provisioning-walkthrough.md

Summary

Clarified that SSO user parameters are not used when IAM Identity Center is disabled, and added guidance about placeholder values.

Security assessment

This is a routine documentation clarification about feature behavior when IAM Identity Center is disabled. No security vulnerabilities or incidents are mentioned, and it doesn't add security documentation.

Diff

diff --git a/controltower/latest/userguide/automated-provisioning-walkthrough.md b/controltower/latest/userguide/automated-provisioning-walkthrough.md
index 79a4f7c98..7f8904187 100644
--- a//controltower/latest/userguide/automated-provisioning-walkthrough.md
+++ b//controltower/latest/userguide/automated-provisioning-walkthrough.md
@@ -15 +15 @@ AWS Control Tower is integrated with several other AWS services, such as AWS Ser
-If you have opted out of IAM Identity Center in your landing zone settings, values you provide during account provisioning with the AWS Service Catalog APIs or console are not used.
+If you have disabled IAM Identity Center in your landing zone settings, the SSO user parameters (`SSOUserEmail`, `SSOUserFirstName`, and `SSOUserLastName`) are not used during account provisioning. If desired, you can provide placeholder values for these required parameters and modify them later by following the instructions in [Update the provisioned product in Service Catalog](./update-provisioned-product.html).