AWS singlesignon documentation change
Summary
Removed a note about CyberArk IdP not supporting SAML multiple assertion consume service (ACS) URLs and its impact on multi-Region support in IAM Identity Center.
Security assessment
The change removes documentation about a functional limitation that could affect user experience in multi-Region setups, but there is no evidence of a security vulnerability or incident being addressed. It may relate to access resilience but lacks concrete security context.
Diff
diff --git a/singlesignon/latest/userguide/cyberark-idp.md b/singlesignon/latest/userguide/cyberark-idp.md index 5304d6ba4..1e877c4d5 100644 --- a//singlesignon/latest/userguide/cyberark-idp.md +++ b//singlesignon/latest/userguide/cyberark-idp.md @@ -13,4 +12,0 @@ IAM Identity Center supports automatic provisioning (synchronization) of user in -###### Note - -CyberArk doesn’t currently support SAML multiple assertion consume service (ACS) URLs in the AWS IAM Identity Center application. This SAML feature is required to fully take advantage of [multi-Region support](./multi-region-iam-identity-center.html) in IAM Identity Center. If you plan to replicate IAM Identity Center to additional Regions, be aware that using a single ACS URL may affect the user experience in those additional Regions. Your primary Region will continue to function normally. We recommend that you work with your IdP vendor to enable this feature. For more information about the user experience in additional Regions with a single ACS URL, see [Using AWS managed applications without multiple ACS URLs](./multi-region-workforce-access.html#aws-app-use-without-multiple-acs-urls) and [AWS account access resiliency without multiple ACS URLs](./multi-region-failover.html#account-access-resiliency-without-multiple-acs-url). -