IAM Identity Center now supports IPv6

26 January 2026 at 21:17

Amazon Web Services (AWS) recommends using AWS IAM Identity Center to provide your workforce access to AWS managed applications—such as Amazon Q Developer—and AWS accounts. Today, we announced IAM Identity Center support for IPv6. To learn more about the advantages of IPv6, visit the IPv6 product page.

When you enable IAM Identity Center, it provides an access portal for workforce users to access their AWS applications and accounts either by signing in to the access portal using a URL or by using a bookmark for the application URL. In either case, the access portal handles user authentication before granting access to applications and accounts. Supporting both IPv4 and IPv6 connectivity to the access portal helps facilitate seamless access for clients, such as browsers and applications, regardless of their network configuration.

The launch of IPv6 support in IAM Identity Center introduces new dual-stack endpoints that support both IPv4 and IPv6, so that users can connect using IPv4, IPv6, or dual-stack clients. Current IPv4 endpoints continue to function with no action required. The dual-stack capability offered by Identity Center extends to managed applications. When users access the application dual-stack endpoint, the application automatically routes to the Identity Center dual-stack endpoint for authentication. To use Identity Center from IPv6 clients, you must direct your workforce to use the new dual-stack endpoints, and update the configuration of your external identity provider (IdP), if you use one.

In this post, we show you how to update your configuration to allow IPv6 clients to connect directly to IAM Identity Center endpoints without requiring network address translation services. We also show you how to monitor which endpoint users are connecting to. Before diving into the implementation details, let’s review the key phases of the transition process.

Transition overview

To use IAM Identity Center from an IPv6 network and client, you need to use the new dual-stack endpoints. Figure 1 shows what the transition from IPv4 to IPv6 over dual-stack endpoints looks like when using Identity Center. The figure shows:

  • A before state where clients use the IPv4 endpoints.
  • The transition phase, when your clients use a combination of IPv4 and dual-stack endpoints.
  • After the transition is complete, your clients connect to dual-stack endpoints over IPv4 or IPv6, depending on their preferences.

Figure 1: Transition from IPv4-only to dual-stack endpoints

Prerequisites

You must have the following prerequisites in place to enable IPv6 access for your workforce users and administrators:

  • An existing IAM Identity Center instance
  • Updated firewalls or gateways to include the new dual-stack endpoints
  • IPv6 capable clients and networks

Work with your network administrators to update the configuration of your firewalls and gateways and to verify that your clients, such as laptops or desktops, are ready to accept IPv6 connectivity. If you have already enabled IPv6 connectivity for other AWS services, you might be familiar with these changes. Next, implement the two steps that follow.

Step 1: Update your IdP configuration

You can skip this step if you don’t use an external IdP as your identity source.

In this step, you update the Assertion Consumer Service (ACS) URL from your IAM Identity Center instance in your IdP’s configuration for single sign-on, and the SCIM endpoint in its configuration for user provisioning. Your IdP’s capabilities determine how you update the ACS URLs. If your IdP supports multiple ACS URLs, configure both the IPv4 and the dual-stack URL to enable a flexible transition. With that configuration, some users can continue using IPv4-only endpoints while others use dual-stack endpoints for IPv6. If your IdP supports only one ACS URL, to use IPv6 you must configure the new dual-stack ACS URL in your IdP and transition all users to the dual-stack endpoints at the same time.

Update both the SAML single sign-on and the SCIM provisioning configurations:

  1. Update the single sign-on settings in your IdP to use the new dual-stack URLs. First, locate the URLs in the AWS Management Console for IAM Identity Center.
    1. Choose Settings in the navigation pane and then select Identity source.
    2. Choose Actions and select Manage authentication.
    3. Under Manage SAML 2.0 authentication, you will find the following URLs under Service provider metadata:
      • AWS access portal sign-in URL
      • IAM Identity Center Assertion Consumer Service (ACS) URL
      • IAM Identity Center issuer URL
  2. If your IdP supports multiple ACS URLs, add the dual-stack URL to your IdP configuration alongside the existing IPv4 one. With this setting, you and your users can decide when to start using the dual-stack endpoints, without all users in your organization having to switch together.

    Figure 2: Dual-stack single sign-on URLs

  3. If your IdP does not support multiple ACS URLs, replace the existing IPv4 URL with the new dual-stack URL, and switch your workforce to use only the dual-stack endpoints.
  4. Update the provisioning endpoint in your IdP. Choose Settings in the navigation pane and under Identity source, choose Actions and select Manage provisioning. Under Automatic provisioning, copy the new SCIM endpoint that ends in api.aws. Update this new URL in your external IdP.

    Figure 3: Dual-stack SCIM endpoint URL

Step 2: Locate and share the new dual-stack endpoints

Your organization needs two kinds of URLs for IPv6 connectivity. The first is the new dual-stack access portal URL that your workforce users use to access their assigned AWS applications and accounts. The dual-stack access portal URL is available in the IAM Identity Center console, listed as Dual-stack in the Settings summary (you might need to expand the Access portal URLs section, shown in Figure 4).

Figure 4: Locate dual-stack access portal endpoints

This dual-stack URL ends with app.aws as its top-level domain (TLD). Share this URL with your workforce and ask them to use it to connect over IPv6. As an example, if your workforce uses the access portal to access AWS accounts, they will need to sign in through the new dual-stack access portal URL when using IPv6 connectivity. Alternatively, if your workforce accesses the application URL directly, you need to enable the dual-stack application URL following application-specific instructions. For more information, see AWS services that support IPv6.

The URLs that administrators use to manage IAM Identity Center are the second kind of URL your organization needs. The new dual-stack service endpoints end in api.aws as their TLD and are listed in the Identity Center service endpoints. Administrators can use these service endpoints to manage users and groups in Identity Center, update their access to applications and resources, and perform other management operations. As an example, if your administrator uses identitystore.{region}.amazonaws.com to manage users and groups in Identity Center, they should now use the dual-stack version of the same service endpoint which is identitystore.{region}.api.aws, so they can connect to service endpoints using IPv6 clients and networks.

If your users or administrators use an AWS SDK to access AWS applications and accounts or manage services, follow Dual-stack and FIPS endpoints to enable connectivity to the dual-stack endpoints.

After completing these two steps, your workforce and administrators can connect to IAM Identity Center using IPv6. Remember, these endpoints also support IPv4, so clients not yet IPv6-capable can continue to connect using IPv4.

Monitoring dual-stack endpoint usage

You can optionally monitor AWS CloudTrail logs to track usage of dual-stack endpoints. The key difference between IPv4-only and dual-stack endpoint usage is the TLD of the host name, which appears in the clientProvidedHostHeader field of the tlsDetails block. The following example shows the difference between these CloudTrail events for the CreateTokenWithIAM API call.

IPv4-only endpoint (host header ends in amazonaws.com):

"CloudTrailEvent": {
  "eventName": "CreateToken",
  "tlsDetails": {
     "tlsVersion": "TLSv1.3",
     "cipherSuite": "TLS_AES_128_GCM_SHA256",
     "clientProvidedHostHeader": "oidc.us-east-1.amazonaws.com"
  }
}

Dual-stack endpoint (host header ends in api.aws):

"CloudTrailEvent": {
  "eventName": "CreateToken",
  "tlsDetails": {
     "tlsVersion": "TLSv1.3",
     "cipherSuite": "TLS_AES_128_GCM_SHA256",
     "clientProvidedHostHeader": "oidc.us-east-1.api.aws"
  }
}
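To turn that TLD difference into a transition metric, the following added example (not code from the post or from AWS) classifies the clientProvidedHostHeader of exported CloudTrail records and reports how much of each service's traffic has moved to dual-stack endpoints; it also maps an IPv4-only service endpoint to its dual-stack name using the service.region.amazonaws.com to service.region.api.aws pattern the post shows for oidc and identitystore, which is assumed to hold for the other service endpoints. The sample records are constructed, shaped like the excerpt above.

```python
from collections import Counter
from typing import Dict, Iterable, Tuple

# TLD families from the post: service endpoints end in api.aws and the access
# portal in app.aws (both dual-stack); amazonaws.com endpoints are IPv4-only.
DUAL_STACK_SUFFIXES = (".api.aws", ".app.aws")
IPV4_ONLY_SUFFIX = ".amazonaws.com"

def normalize_host(header: str) -> str:
    """Lower-case a Host header value and drop a trailing dot or a port."""
    return header.lower().rstrip(".").split(":", 1)[0]

def classify_host(header: str) -> str:
    """Label a clientProvidedHostHeader as dual-stack, ipv4-only or unknown."""
    host = normalize_host(header)
    if host.endswith(DUAL_STACK_SUFFIXES):
        return "dual-stack"
    return "ipv4-only" if host.endswith(IPV4_ONLY_SUFFIX) else "unknown"

def to_dual_stack(header: str) -> str:
    """Map service.region.amazonaws.com to service.region.api.aws (the pattern
    the post shows for oidc and identitystore; assumed here to hold for the
    other service endpoints). The access portal host is separate, not handled."""
    host = normalize_host(header)
    if host.endswith(DUAL_STACK_SUFFIXES):
        return host
    if host.endswith(IPV4_ONLY_SUFFIX):
        return host[: -len(IPV4_ONLY_SUFFIX)] + ".api.aws"
    raise ValueError(f"not an Identity Center service endpoint: {header}")

def endpoint_usage(events: Iterable[dict]) -> Dict[Tuple[str, str], int]:
    """Count records per (service, family), service being the host's first label.
    Records with no tlsDetails count as ('-', 'no-host-header') so gaps show."""
    usage: Counter = Counter()
    for event in events:
        header = event.get("tlsDetails", {}).get("clientProvidedHostHeader")
        if not header:
            usage[("-", "no-host-header")] += 1
            continue
        service = normalize_host(header).split(".", 1)[0]
        usage[(service, classify_host(header))] += 1
    return dict(usage)

def dual_stack_share(usage: Dict[Tuple[str, str], int], service: str) -> float:
    """Fraction of a service's classified requests that used a dual-stack endpoint."""
    total = sum(n for (s, f), n in usage.items() if s == service and f != "unknown")
    return usage.get((service, "dual-stack"), 0) / total if total else 0.0

# Constructed sample records shaped like the post's CloudTrail excerpt.
SAMPLE_EVENTS = [
    {"eventName": "CreateToken", "tlsDetails": {"clientProvidedHostHeader": "oidc.us-east-1.amazonaws.com"}},
    {"eventName": "CreateToken", "tlsDetails": {"clientProvidedHostHeader": "oidc.us-east-1.api.aws"}},
    {"eventName": "CreateToken", "tlsDetails": {"clientProvidedHostHeader": "oidc.us-east-1.api.aws"}},
    {"eventName": "ListUsers", "tlsDetails": {"clientProvidedHostHeader": "identitystore.us-east-1.amazonaws.com"}},
    {"eventName": "ListUsers"},  # record without tlsDetails
]
```

Feed it the records from a CloudTrail Lake query or an exported trail; a service whose dual_stack_share stays at 0.0 after you have shared the new URLs points to clients or an IdP still configured for the IPv4-only host.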

Conclusion

IAM Identity Center now allows clients to connect over IPv6 natively with no network address translation infrastructure. This post showed you how to transition your organization to use IPv6 with Identity Center and its integrated applications. Remember that existing IPv4 endpoints will continue to function, so you can transition at your own pace. Also, no immediate action is required by you. However, we recommend planning your transition to take advantage of IPv6 benefits and meet compliance requirements. If you have questions, comments, or concerns, contact AWS Support, or start a new thread in the IAM Identity Center re:Post channel.


Suchintya Dandapat
Suchintya Dandapat is a Principal Product Manager for AWS where he partners with enterprise customers to solve their toughest identity challenges, enabling secure operations at global scale.

Why We Built Flashpoint Ignite: Unity, Power, and Performance

Flashpoint’s Chief Product and Engineering Officer, Patrick Gardner, introduces Flashpoint Ignite—our new platform to accelerate cross-functional threat detection and risk mitigation for CTI, Vulnerability, National Security, and Physical Security teams

April 24, 2023

Flashpoint has long been known for its industry-leading data collection and finished intelligence. After two major acquisitions in 2022, we have powerful far-reaching visibility with more technology than ever, which presents us with an amazing challenge—how do we put these components together in a way that unlocks even more value for our customers?

Our answer: Ignite—Flashpoint’s brand new, team-tailored, lightning-fast intelligence platform.

What is the Flashpoint Ignite Intelligence Platform?

The Flashpoint Ignite platform is a technology ecosystem that delivers tailored intelligence across multiple security functions in a combined workspace. It enables security teams to connect and remediate risk faster with access to Flashpoint’s extensive intelligence, along with analytical tools to rapidly find relevant data as well as the ability to request custom intelligence support in just a few clicks. 

Ignite is the home of our new Cyber Threat Intelligence, Physical Security Intelligence, Vulnerability Management, and National Security Intelligence solutions, and it provides a unified experience across the organization. With a holistic view of risk in one place, security and intelligence practitioners can finally close the gap between data, intelligence, and action.

“In an overwhelming information landscape, we are doing everything possible to make our customers’ jobs easier.”

Patrick Gardner

Why Did We Build the Flashpoint Ignite Platform?

When I joined Flashpoint in September 2022, I felt like a kid in a candy store. We have an incredible amount of information and capabilities. Our strategy is to make it easy and fast to surface that value for our customers to tackle various challenges. We built Ignite to support this goal and to help our customers solve their challenges more effectively. 

The main pillars we aim to address with the Flashpoint Ignite platform are:

  • Improving user experience by making it intuitive, faster, customizable, and easier to find relevant information.
  • Incorporating custom intelligence requests into the platform to allow users to manage and track their reports in a single unified location.
  • Integrating all of our data so users can see threats end-to-end.

Key Ignite Features

Each solution under the Ignite platform has its own set of powerful features specially designed to support different teams’ intel missions, each of which contributes to an organization’s overarching security objective to protect assets, infrastructure, and stakeholders from cyber and physical threats.

The real power of Ignite is how we bring these capabilities together with common features across all solutions:

  • Universal Search: Ignite allows users to easily and quickly navigate through the vast landscape of collections and intelligence to find the information they need across text, video, conversations, and images with a single search across all data.  
  • Alerting: Ignite enables users to create intuitive and highly customizable alerts directly from their searches to inform them when pertinent information is uncovered.
  • Reports: Ignite helps teams inform decision-making and prioritize efforts to protect their organizations with a sleek news-style finished intelligence experience that makes it easy to find the content most relevant to your organization’s risk profile and mitigation strategy.

How Ignite Powers Results

In an overwhelming information landscape, we are doing everything possible to make our customers’ jobs easier. These are the main outcomes we aim to deliver with Ignite: 

Enabling teams to achieve more with an integrated Flashpoint experience

  • Ignite delivers a range of solutions to support various security teams while providing the extensibility to integrate and interoperate with other solutions. Teams can easily obtain the information they need to move information forward and remediate risk faster. 

Providing dependable intelligence for everyone

  • We gather data from all different corners of the internet, cut through the noise, and find the answers our customers need to do their jobs faster. Whether they need visibility into the deep and dark web, OSINT/surface web, vulnerabilities, breach data, or geospatial intelligence, our finished intelligence reports and raw collections are right at our users’ fingertips.

Closing the gap between data, intelligence, and action

  • Users can quickly assess their data across all products, streamline workflows, adapt, and take decisive action. Ignite connects multiple tools, so whether our customers are deep in investigative work or consuming reports to stay on top of trends, they can stay ahead of the changing threat landscape.

What’s Next?

With all the strengths Flashpoint has, there’s so much opportunity and we’ve only scratched the surface. Ignite provides a highly flexible and robust technology layer for us to build lightning-fast, easily searchable solutions for teams across the security organization. 

In the future, customers can expect better integrations, more powerful enrichments, increased data correlation, new visualizations, and more relevant information automatically recommended through situational awareness, alleviating the need to spend excess time and resources seeking it out.

Frequently Asked Questions (FAQs)

What is Flashpoint Ignite and why should my organization use it?

Flashpoint Ignite is a unified intelligence platform that brings together cyber threat intelligence, physical security, vulnerability management, and national security data into one workspace. Your organization should use it to eliminate data silos and accelerate the time it takes to detect and remediate risks. By consolidating all of Flashpoint’s industry-leading data into a single, lightning-fast ecosystem, Ignite allows your teams to see threats from end to end.

Flashpoint Ignite Solution     | Team Benefit
Cyber Threat Intelligence      | Accelerates investigations into dark web actors and malware.
Physical Security Intelligence | Provides situational awareness for executives and global facilities.
Vulnerability Management       | Prioritizes patching based on real-world exploitability data.

How does Flashpoint Universal Search improve analyst efficiency?

Flashpoint Universal Search improves efficiency by allowing analysts to query the platform’s vast collections of text, video, images, and technical data with a single search. Instead of toggling between different tools or datasets, Universal Search within Flashpoint Ignite surfaces all relevant information instantly. This “one-stop” search capability acts as a force multiplier, giving analysts back the time and energy they used to spend on manual data aggregation.

  • Unified Results: See dark web chatter, technical indicators, and media in one view.
  • Format Flexibility: Search for keywords within videos and images using OCR and logo detection.
  • Speed-to-Insight: Reduces the steps required to validate a threat and move toward action.

Why is the unified experience in Flashpoint Ignite better than using separate tools?

The unified experience in Flashpoint Ignite is better because it closes the dangerous gap between data, intelligence, and action. Using separate tools often leads to missed correlations and slower response times. In Flashpoint Ignite, security and intelligence practitioners can view cyber and physical risks side-by-side, ensuring that every decision is backed by a holistic understanding of the organization’s risk profile.

Traditional Multi-Tool Approach | Flashpoint Ignite Unified Experience
Fragmented Data                 | Fully integrated data across all security functions.
Slower Triage                   | Accelerated remediation through cross-functional workflows.
Higher Complexity               | Simplified news-style reporting and intuitive custom alerts.
