AWS Security ChangesHomeSearch

AWS controltower documentation change

Service: controltower · 2026-04-19 · Documentation low

File: controltower/latest/userguide/provision-as-end-user.md

Summary

Added note about SSO user parameters not being used when IAM Identity Center is disabled, with guidance on placeholder values.

Security assessment

This adds a clarification note about feature behavior but contains no security context, vulnerabilities, or security feature documentation.

Diff

diff --git a/controltower/latest/userguide/provision-as-end-user.md b/controltower/latest/userguide/provision-as-end-user.md
index b533dd889..204163042 100644
--- a//controltower/latest/userguide/provision-as-end-user.md
+++ b//controltower/latest/userguide/provision-as-end-user.md
@@ -10,0 +11,4 @@ The following procedure describes how to create and provision accounts as a user
+###### Note
+
+If you have disabled IAM Identity Center in your landing zone settings, the SSO user parameters (`SSOUserEmail`, `SSOUserFirstName`, and `SSOUserLastName`) are not used during account provisioning. If desired, you can provide placeholder values for these required parameters and modify them later by following the instructions in [Update the provisioned product in Service Catalog](./update-provisioned-product.html).
+