Skip to main content

Changelog

All notable changes to Prism and its documentation are listed here, with the most recent entries first.

June 2026

Read-Only Admin Access

Released: June 2026

Admins can now be granted read-only access to the Prism Admin Portal. A read-only admin can sign in and view everything, including the configured permission sets and the SCP/Organizations policies currently applied, along with users, groups, assignments, accounts, and identity providers, but cannot create, edit, or delete any resource.

Highlights

  • New Read-only access level, selectable when promoting a user in Preferences > Admin Management.
  • Switch an existing admin between Full admin and Read-only at any time with the per-row Make Read-only / Make Full Admin action (Super Admin only).
  • All modification controls are disabled for read-only admins, and any change is blocked server-side, view-only is enforced, not just hidden in the UI.
  • Scoped to the Admin Portal only: a read-only admin's JIT access and AWS SSO sign-in are unaffected.

See Preferences > Admin Management for the full guide.

May 2026

Passwordless Passkeys

Released: May 2026

Workforce users can now sign in with a passkey, a FIDO2 credential (platform biometrics, a phone, a hardware security key, or a password manager), instead of a password. Admins enable it per realm and enforce it per user alongside the existing authenticator-app (TOTP) option.

Highlights

  • New Passwordless Passkeys toggle in Preferences > Admin Management enables passkey sign-in for the realm.
  • Enforce Authenticator app or Passkey per user from the Multi-Factor Authentication panel.
  • Enrolled at next login; afterward users sign in passwordless via the "Sign in with passkey" button. Password + authenticator-app stays available as a fallback.

See Preferences > Admin Management for the full guide.

Permission set Relay state

Released: May 2026

Permission sets now accept an optional Relay state, an AWS console URL the user is forwarded to immediately after federation. Use it to land each permission set on the page that matches its purpose (an EC2 operator goes to the EC2 console, a billing reviewer goes to the billing console, and so on).

Highlights

  • New Relay state field on the permission set create and edit forms (up to 320 characters; AWS-allowed character set).
  • Configured value is shown on the permission set detail view.
  • Takes effect on the next sign-in, existing assignments do not need to be re-issued.
  • Empty relay state preserves today's behavior: users land on the default AWS console homepage.

See Permission Sets > Relay state for the field reference and ready-to-paste examples.

February 2026

Prism Documentation Site - Initial Release

Released: February 2026

The Prism documentation site has been published with comprehensive coverage of all three Prism portals and platform capabilities.

What's Included

Getting Started

  • Prerequisites and system requirements
  • Initial setup guide for new organizations
  • First login instructions for all portals
  • Quick start guides for admins, JIT users, and CloudTrail users

Admin Portal Documentation

  • Dashboard overview
  • User management: create, edit, delete users, manage MFA, assign to groups
  • Group management: create, delete, manage members
  • Permission set management: create, edit, delete, AWS managed policies, inline IAM policies
  • Assignment management: create, delete, user assignments, group assignments
  • AWS account management: onboard, rename, manage owners, delete
  • Identity provider configuration: Google OAuth, Microsoft OAuth, custom OIDC
  • Custom application configuration: SAML applications
  • Preferences: admin management, SCIM configuration, API tokens, replication, log export settings
  • Logs: audit logs, access logs

JIT Access Portal Documentation

  • Authentication and portal access
  • Request access: standard and custom permission sets
  • My requests and active sessions tracking
  • Approver guide: pending approvals, request history, approve/reject workflow, manage sessions, owned accounts

CloudTrail Documentation

  • Trail list overview
  • Trail creation wizard: trail settings, account selection, S3 bucket configuration, event configuration
  • Trail detail view and trail editing
  • Event types: management events, data events, insight events, network activity events

Troubleshooting

  • Login and authentication issues
  • SSO configuration problems
  • Permission and access errors
  • JIT request issues
  • CloudTrail setup issues