aws-sdk-ssoadmin 1.29.0 → 1.31.0

data/lib/aws-sdk-ssoadmin/client.rb

@@ -568,6 +568,204 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Creates an application in IAM Identity Center for the given
+    # application provider.
+    #
+    # @option params [required, String] :application_provider_arn
+    #   The ARN of the application provider under which the operation will
+    #   run.
+    #
+    # @option params [String] :client_token
+    #   Specifies a unique, case-sensitive ID that you provide to ensure the
+    #   idempotency of the request. This lets you safely retry the request
+    #   without accidentally performing the same operation a second time.
+    #   Passing the same value to a later call to an operation requires that
+    #   you also pass the same value for all other parameters. We recommend
+    #   that you use a [UUID type of value][1].
+    #
+    #   If you don't provide this value, then Amazon Web Services generates a
+    #   random one for you.
+    #
+    #   If you retry the operation with the same `ClientToken`, but with
+    #   different parameters, the retry fails with an
+    #   `IdempotentParameterMismatch` error.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
+    # @option params [String] :description
+    #   The description of the .
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the instance of IAM Identity Center under which the
+    #   operation will run. For more information about ARNs, see [Amazon
+    #   Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @option params [required, String] :name
+    #   The name of the .
+    #
+    # @option params [Types::PortalOptions] :portal_options
+    #   A structure that describes the options for the portal associated with
+    #   an application.
+    #
+    # @option params [String] :status
+    #   Specifies whether the application is enabled or disabled.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   Specifies tags to be attached to the application.
+    #
+    # @return [Types::CreateApplicationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateApplicationResponse#application_arn #application_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_application({
+    #     application_provider_arn: "ApplicationProviderArn", # required
+    #     client_token: "ClientToken",
+    #     description: "Description",
+    #     instance_arn: "InstanceArn", # required
+    #     name: "NameType", # required
+    #     portal_options: {
+    #       sign_in_options: {
+    #         application_url: "ApplicationUrl",
+    #         origin: "IDENTITY_CENTER", # required, accepts IDENTITY_CENTER, APPLICATION
+    #       },
+    #       visibility: "ENABLED", # accepts ENABLED, DISABLED
+    #     },
+    #     status: "ENABLED", # accepts ENABLED, DISABLED
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.application_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateApplication AWS API Documentation
+    #
+    # @overload create_application(params = {})
+    # @param [Hash] params ({})
+    def create_application(params = {}, options = {})
+      req = build_request(:create_application, params)
+      req.send_request(options)
+    end
+
+    # Grant application access to a user or group.
+    #
+    # @option params [required, String] :application_arn
+    #   The ARN of the application provider under which the operation will
+    #   run.
+    #
+    # @option params [required, String] :principal_id
+    #   An identifier for an object in IAM Identity Center, such as a user or
+    #   group. PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in IAM Identity Center, see the [IAM Identity Center
+    #   Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
+    #
+    # @option params [required, String] :principal_type
+    #   The entity type for which the assignment will be created.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_application_assignment({
+    #     application_arn: "ApplicationArn", # required
+    #     principal_id: "PrincipalId", # required
+    #     principal_type: "USER", # required, accepts USER, GROUP
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateApplicationAssignment AWS API Documentation
+    #
+    # @overload create_application_assignment(params = {})
+    # @param [Hash] params ({})
+    def create_application_assignment(params = {}, options = {})
+      req = build_request(:create_application_assignment, params)
+      req.send_request(options)
+    end
+
+    # Creates an instance of IAM Identity Center for a standalone Amazon Web
+    # Services account that is not managed by Organizations or a member
+    # Amazon Web Services account in an organization. You can create only
+    # one instance per account and across all Amazon Web Services Regions.
+    #
+    # The CreateInstance request is rejected if the following apply:
+    #
+    # * The instance is created within the organization management account.
+    #
+    # * An instance already exists in the same account.
+    #
+    # @option params [String] :client_token
+    #   Specifies a unique, case-sensitive ID that you provide to ensure the
+    #   idempotency of the request. This lets you safely retry the request
+    #   without accidentally performing the same operation a second time.
+    #   Passing the same value to a later call to an operation requires that
+    #   you also pass the same value for all other parameters. We recommend
+    #   that you use a [UUID type of value][1].
+    #
+    #   If you don't provide this value, then Amazon Web Services generates a
+    #   random one for you.
+    #
+    #   If you retry the operation with the same `ClientToken`, but with
+    #   different parameters, the retry fails with an
+    #   `IdempotentParameterMismatch` error.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
+    # @option params [String] :name
+    #   The name of the instance of IAM Identity Center.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   Specifies tags to be attached to the instance of IAM Identity Center.
+    #
+    # @return [Types::CreateInstanceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateInstanceResponse#instance_arn #instance_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_instance({
+    #     client_token: "ClientToken",
+    #     name: "NameType",
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.instance_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstance AWS API Documentation
+    #
+    # @overload create_instance(params = {})
+    # @param [Hash] params ({})
+    def create_instance(params = {}, options = {})
+      req = build_request(:create_instance, params)
+      req.send_request(options)
+    end
+
     # Enables the attributes-based access control (ABAC) feature for the
     # specified IAM Identity Center instance. You can also specify new
     # attributes to add to your ABAC configuration during the enabling
@@ -692,6 +890,97 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Creates a connection to a trusted token issuer in an instance of IAM
+    # Identity Center. A trusted token issuer enables trusted identity
+    # propagation to be used with applications that authenticate outside of
+    # Amazon Web Services.
+    #
+    # This trusted token issuer describes an external identity provider
+    # (IdP) that can generate claims or assertions in the form of access
+    # tokens for a user. Applications enabled for IAM Identity Center can
+    # use these tokens for authentication.
+    #
+    # @option params [String] :client_token
+    #   Specifies a unique, case-sensitive ID that you provide to ensure the
+    #   idempotency of the request. This lets you safely retry the request
+    #   without accidentally performing the same operation a second time.
+    #   Passing the same value to a later call to an operation requires that
+    #   you also pass the same value for all other parameters. We recommend
+    #   that you use a [UUID type of value.][1].
+    #
+    #   If you don't provide this value, then Amazon Web Services generates a
+    #   random one for you.
+    #
+    #   If you retry the operation with the same `ClientToken`, but with
+    #   different parameters, the retry fails with an
+    #   `IdempotentParameterMismatch` error.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
+    # @option params [required, String] :instance_arn
+    #   Specifies the ARN of the instance of IAM Identity Center to contain
+    #   the new trusted token issuer configuration.
+    #
+    # @option params [required, String] :name
+    #   Specifies the name of the new trusted token issuer configuration.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   Specifies tags to be attached to the new trusted token issuer
+    #   configuration.
+    #
+    # @option params [required, Types::TrustedTokenIssuerConfiguration] :trusted_token_issuer_configuration
+    #   Specifies settings that apply to the new trusted token issuer
+    #   configuration. The settings that are available depend on what
+    #   `TrustedTokenIssuerType` you specify.
+    #
+    # @option params [required, String] :trusted_token_issuer_type
+    #   Specifies the type of the new trusted token issuer.
+    #
+    # @return [Types::CreateTrustedTokenIssuerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateTrustedTokenIssuerResponse#trusted_token_issuer_arn #trusted_token_issuer_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_trusted_token_issuer({
+    #     client_token: "ClientToken",
+    #     instance_arn: "InstanceArn", # required
+    #     name: "TrustedTokenIssuerName", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #     trusted_token_issuer_configuration: { # required
+    #       oidc_jwt_configuration: {
+    #         claim_attribute_path: "ClaimAttributePath", # required
+    #         identity_store_attribute_path: "JMESPath", # required
+    #         issuer_url: "TrustedTokenIssuerUrl", # required
+    #         jwks_retrieval_option: "OPEN_ID_DISCOVERY", # required, accepts OPEN_ID_DISCOVERY
+    #       },
+    #     },
+    #     trusted_token_issuer_type: "OIDC_JWT", # required, accepts OIDC_JWT
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.trusted_token_issuer_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateTrustedTokenIssuer AWS API Documentation
+    #
+    # @overload create_trusted_token_issuer(params = {})
+    # @param [Hash] params ({})
+    def create_trusted_token_issuer(params = {}, options = {})
+      req = build_request(:create_trusted_token_issuer, params)
+      req.send_request(options)
+    end
+
     # Deletes a principal's access from a specified Amazon Web Services
     # account using a specified permission set.
     #
@@ -765,6 +1054,148 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Deletes the association with the application. The connected service
+    # resource still exists.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application. For more information about ARNs,
+    #   see [Amazon Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_application({
+    #     application_arn: "ApplicationArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteApplication AWS API Documentation
+    #
+    # @overload delete_application(params = {})
+    # @param [Hash] params ({})
+    def delete_application(params = {}, options = {})
+      req = build_request(:delete_application, params)
+      req.send_request(options)
+    end
+
+    # Deletes an IAM Identity Center access scope from an application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application with the access scope to delete.
+    #
+    # @option params [required, String] :scope
+    #   Specifies the name of the access scope to remove from the application.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_application_access_scope({
+    #     application_arn: "ApplicationArn", # required
+    #     scope: "Scope", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteApplicationAccessScope AWS API Documentation
+    #
+    # @overload delete_application_access_scope(params = {})
+    # @param [Hash] params ({})
+    def delete_application_access_scope(params = {}, options = {})
+      req = build_request(:delete_application_access_scope, params)
+      req.send_request(options)
+    end
+
+    # Revoke application access to an application by deleting application
+    # assignments for a user or group.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application.
+    #
+    # @option params [required, String] :principal_id
+    #   An identifier for an object in IAM Identity Center, such as a user or
+    #   group. PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in IAM Identity Center, see the [IAM Identity Center
+    #   Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
+    #
+    # @option params [required, String] :principal_type
+    #   The entity type for which the assignment will be deleted.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_application_assignment({
+    #     application_arn: "ApplicationArn", # required
+    #     principal_id: "PrincipalId", # required
+    #     principal_type: "USER", # required, accepts USER, GROUP
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteApplicationAssignment AWS API Documentation
+    #
+    # @overload delete_application_assignment(params = {})
+    # @param [Hash] params ({})
+    def delete_application_assignment(params = {}, options = {})
+      req = build_request(:delete_application_assignment, params)
+      req.send_request(options)
+    end
+
+    # Deletes an authentication method from an application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application with the authentication method to
+    #   delete.
+    #
+    # @option params [required, String] :authentication_method_type
+    #   Specifies the authentication method type to delete from the
+    #   application.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_application_authentication_method({
+    #     application_arn: "ApplicationArn", # required
+    #     authentication_method_type: "IAM", # required, accepts IAM
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteApplicationAuthenticationMethod AWS API Documentation
+    #
+    # @overload delete_application_authentication_method(params = {})
+    # @param [Hash] params ({})
+    def delete_application_authentication_method(params = {}, options = {})
+      req = build_request(:delete_application_authentication_method, params)
+      req.send_request(options)
+    end
+
+    # Deletes a grant from an application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application with the grant to delete.
+    #
+    # @option params [required, String] :grant_type
+    #   Specifies the type of grant to delete from the application.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_application_grant({
+    #     application_arn: "ApplicationArn", # required
+    #     grant_type: "authorization_code", # required, accepts authorization_code, refresh_token, urn:ietf:params:oauth:grant-type:jwt-bearer, urn:ietf:params:oauth:grant-type:token-exchange
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteApplicationGrant AWS API Documentation
+    #
+    # @overload delete_application_grant(params = {})
+    # @param [Hash] params ({})
+    def delete_application_grant(params = {}, options = {})
+      req = build_request(:delete_application_grant, params)
+      req.send_request(options)
+    end
+
     # Deletes the inline policy from a specified permission set.
     #
     # @option params [required, String] :instance_arn
@@ -795,6 +1226,32 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Deletes the instance of IAM Identity Center. Only the account that
+    # owns the instance can call this API. Neither the delegated
+    # administrator nor member account can delete the organization instance,
+    # but those roles can delete their own instance.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the instance of IAM Identity Center under which the
+    #   operation will run.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_instance({
+    #     instance_arn: "InstanceArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstance AWS API Documentation
+    #
+    # @overload delete_instance(params = {})
+    # @param [Hash] params ({})
+    def delete_instance(params = {}, options = {})
+      req = build_request(:delete_instance, params)
+      req.send_request(options)
+    end
+
     # Disables the attributes-based access control (ABAC) feature for the
     # specified IAM Identity Center instance and deletes all of the
     # attribute mappings that have been configured. Once deleted, any
@@ -882,21 +1339,50 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Describes the status of the assignment creation request.
+    # Deletes a trusted token issuer configuration from an instance of IAM
+    # Identity Center.
     #
-    # @option params [required, String] :account_assignment_creation_request_id
-    #   The identifier that is used to track the request operation progress.
+    # <note markdown="1"> Deleting this trusted token issuer configuration will cause users to
+    # lose access to any applications that are configured to use the trusted
+    # token issuer.
     #
-    # @option params [required, String] :instance_arn
-    #   The ARN of the IAM Identity Center instance under which the operation
-    #   will be executed. For more information about ARNs, see [Amazon
-    #   Resource Names (ARNs) and Amazon Web Services Service
-    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
-    #   *Amazon Web Services General Reference*.
+    #  </note>
     #
-    # @return [Types::DescribeAccountAssignmentCreationStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @option params [required, String] :trusted_token_issuer_arn
+    #   Specifies the ARN of the trusted token issuer configuration to delete.
     #
-    #   * {Types::DescribeAccountAssignmentCreationStatusResponse#account_assignment_creation_status #account_assignment_creation_status} => Types::AccountAssignmentOperationStatus
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_trusted_token_issuer({
+    #     trusted_token_issuer_arn: "TrustedTokenIssuerArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteTrustedTokenIssuer AWS API Documentation
+    #
+    # @overload delete_trusted_token_issuer(params = {})
+    # @param [Hash] params ({})
+    def delete_trusted_token_issuer(params = {}, options = {})
+      req = build_request(:delete_trusted_token_issuer, params)
+      req.send_request(options)
+    end
+
+    # Describes the status of the assignment creation request.
+    #
+    # @option params [required, String] :account_assignment_creation_request_id
+    #   The identifier that is used to track the request operation progress.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the IAM Identity Center instance under which the operation
+    #   will be executed. For more information about ARNs, see [Amazon
+    #   Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @return [Types::DescribeAccountAssignmentCreationStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeAccountAssignmentCreationStatusResponse#account_assignment_creation_status #account_assignment_creation_status} => Types::AccountAssignmentOperationStatus
     #
     # @example Request syntax with placeholder values
     #
@@ -970,6 +1456,200 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Retrieves the details of an application associated with an instance of
+    # IAM Identity Center.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application. For more information about ARNs,
+    #   see [Amazon Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @return [Types::DescribeApplicationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeApplicationResponse#application_account #application_account} => String
+    #   * {Types::DescribeApplicationResponse#application_arn #application_arn} => String
+    #   * {Types::DescribeApplicationResponse#application_provider_arn #application_provider_arn} => String
+    #   * {Types::DescribeApplicationResponse#created_date #created_date} => Time
+    #   * {Types::DescribeApplicationResponse#description #description} => String
+    #   * {Types::DescribeApplicationResponse#instance_arn #instance_arn} => String
+    #   * {Types::DescribeApplicationResponse#name #name} => String
+    #   * {Types::DescribeApplicationResponse#portal_options #portal_options} => Types::PortalOptions
+    #   * {Types::DescribeApplicationResponse#status #status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_application({
+    #     application_arn: "ApplicationArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.application_account #=> String
+    #   resp.application_arn #=> String
+    #   resp.application_provider_arn #=> String
+    #   resp.created_date #=> Time
+    #   resp.description #=> String
+    #   resp.instance_arn #=> String
+    #   resp.name #=> String
+    #   resp.portal_options.sign_in_options.application_url #=> String
+    #   resp.portal_options.sign_in_options.origin #=> String, one of "IDENTITY_CENTER", "APPLICATION"
+    #   resp.portal_options.visibility #=> String, one of "ENABLED", "DISABLED"
+    #   resp.status #=> String, one of "ENABLED", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeApplication AWS API Documentation
+    #
+    # @overload describe_application(params = {})
+    # @param [Hash] params ({})
+    def describe_application(params = {}, options = {})
+      req = build_request(:describe_application, params)
+      req.send_request(options)
+    end
+
+    # Retrieves a direct assignment of a user or group to an application. If
+    # the user doesn’t have a direct assignment to the application, the user
+    # may still have access to the application through a group. Therefore,
+    # don’t use this API to test access to an application for a user.
+    # Instead use ListApplicationAssignmentsForPrincipal.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application. For more information about ARNs,
+    #   see [Amazon Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @option params [required, String] :principal_id
+    #   An identifier for an object in IAM Identity Center, such as a user or
+    #   group. PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in IAM Identity Center, see the [IAM Identity Center
+    #   Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
+    #
+    # @option params [required, String] :principal_type
+    #   The entity type for which the assignment will be created.
+    #
+    # @return [Types::DescribeApplicationAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeApplicationAssignmentResponse#application_arn #application_arn} => String
+    #   * {Types::DescribeApplicationAssignmentResponse#principal_id #principal_id} => String
+    #   * {Types::DescribeApplicationAssignmentResponse#principal_type #principal_type} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_application_assignment({
+    #     application_arn: "ApplicationArn", # required
+    #     principal_id: "PrincipalId", # required
+    #     principal_type: "USER", # required, accepts USER, GROUP
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.application_arn #=> String
+    #   resp.principal_id #=> String
+    #   resp.principal_type #=> String, one of "USER", "GROUP"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeApplicationAssignment AWS API Documentation
+    #
+    # @overload describe_application_assignment(params = {})
+    # @param [Hash] params ({})
+    def describe_application_assignment(params = {}, options = {})
+      req = build_request(:describe_application_assignment, params)
+      req.send_request(options)
+    end
+
+    # Retrieves details about a provider that can be used to connect an
+    # Amazon Web Services managed application or customer managed
+    # application to IAM Identity Center.
+    #
+    # @option params [required, String] :application_provider_arn
+    #   Specifies the ARN of the application provider for which you want
+    #   details.
+    #
+    # @return [Types::DescribeApplicationProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeApplicationProviderResponse#application_provider_arn #application_provider_arn} => String
+    #   * {Types::DescribeApplicationProviderResponse#display_data #display_data} => Types::DisplayData
+    #   * {Types::DescribeApplicationProviderResponse#federation_protocol #federation_protocol} => String
+    #   * {Types::DescribeApplicationProviderResponse#resource_server_config #resource_server_config} => Types::ResourceServerConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_application_provider({
+    #     application_provider_arn: "ApplicationProviderArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.application_provider_arn #=> String
+    #   resp.display_data.description #=> String
+    #   resp.display_data.display_name #=> String
+    #   resp.display_data.icon_url #=> String
+    #   resp.federation_protocol #=> String, one of "SAML", "OAUTH"
+    #   resp.resource_server_config.scopes #=> Hash
+    #   resp.resource_server_config.scopes["ResourceServerScope"].detailed_title #=> String
+    #   resp.resource_server_config.scopes["ResourceServerScope"].long_description #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeApplicationProvider AWS API Documentation
+    #
+    # @overload describe_application_provider(params = {})
+    # @param [Hash] params ({})
+    def describe_application_provider(params = {}, options = {})
+      req = build_request(:describe_application_provider, params)
+      req.send_request(options)
+    end
+
+    # Returns the details of an instance of IAM Identity Center. The status
+    # can be one of the following:
+    #
+    # * `CREATE_IN_PROGRESS` - The instance is in the process of being
+    #   created. When the instance is ready for use, DescribeInstance
+    #   returns the status of `ACTIVE`. While the instance is in the
+    #   `CREATE_IN_PROGRESS` state, you can call only DescribeInstance and
+    #   DeleteInstance operations.
+    #
+    # * `DELETE_IN_PROGRESS` - The instance is being deleted. Returns
+    #   `AccessDeniedException` after the delete operation completes.
+    #
+    # * `ACTIVE` - The instance is active.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the instance of IAM Identity Center under which the
+    #   operation will run.
+    #
+    # @return [Types::DescribeInstanceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeInstanceResponse#created_date #created_date} => Time
+    #   * {Types::DescribeInstanceResponse#identity_store_id #identity_store_id} => String
+    #   * {Types::DescribeInstanceResponse#instance_arn #instance_arn} => String
+    #   * {Types::DescribeInstanceResponse#name #name} => String
+    #   * {Types::DescribeInstanceResponse#owner_account_id #owner_account_id} => String
+    #   * {Types::DescribeInstanceResponse#status #status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_instance({
+    #     instance_arn: "InstanceArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.created_date #=> Time
+    #   resp.identity_store_id #=> String
+    #   resp.instance_arn #=> String
+    #   resp.name #=> String
+    #   resp.owner_account_id #=> String
+    #   resp.status #=> String, one of "CREATE_IN_PROGRESS", "DELETE_IN_PROGRESS", "ACTIVE"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstance AWS API Documentation
+    #
+    # @overload describe_instance(params = {})
+    # @param [Hash] params ({})
+    def describe_instance(params = {}, options = {})
+      req = build_request(:describe_instance, params)
+      req.send_request(options)
+    end
+
     # Returns the list of IAM Identity Center identity store attributes that
     # have been configured to work with attributes-based access control
     # (ABAC) for the specified IAM Identity Center instance. This will not
@@ -1096,6 +1776,48 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Retrieves details about a trusted token issuer configuration stored in
+    # an instance of IAM Identity Center. Details include the name of the
+    # trusted token issuer, the issuer URL, and the path of the source
+    # attribute and the destination attribute for a trusted token issuer
+    # configuration.
+    #
+    # @option params [required, String] :trusted_token_issuer_arn
+    #   Specifies the ARN of the trusted token issuer configuration that you
+    #   want details about.
+    #
+    # @return [Types::DescribeTrustedTokenIssuerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeTrustedTokenIssuerResponse#name #name} => String
+    #   * {Types::DescribeTrustedTokenIssuerResponse#trusted_token_issuer_arn #trusted_token_issuer_arn} => String
+    #   * {Types::DescribeTrustedTokenIssuerResponse#trusted_token_issuer_configuration #trusted_token_issuer_configuration} => Types::TrustedTokenIssuerConfiguration
+    #   * {Types::DescribeTrustedTokenIssuerResponse#trusted_token_issuer_type #trusted_token_issuer_type} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_trusted_token_issuer({
+    #     trusted_token_issuer_arn: "TrustedTokenIssuerArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.name #=> String
+    #   resp.trusted_token_issuer_arn #=> String
+    #   resp.trusted_token_issuer_configuration.oidc_jwt_configuration.claim_attribute_path #=> String
+    #   resp.trusted_token_issuer_configuration.oidc_jwt_configuration.identity_store_attribute_path #=> String
+    #   resp.trusted_token_issuer_configuration.oidc_jwt_configuration.issuer_url #=> String
+    #   resp.trusted_token_issuer_configuration.oidc_jwt_configuration.jwks_retrieval_option #=> String, one of "OPEN_ID_DISCOVERY"
+    #   resp.trusted_token_issuer_type #=> String, one of "OIDC_JWT"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeTrustedTokenIssuer AWS API Documentation
+    #
+    # @overload describe_trusted_token_issuer(params = {})
+    # @param [Hash] params ({})
+    def describe_trusted_token_issuer(params = {}, options = {})
+      req = build_request(:describe_trusted_token_issuer, params)
+      req.send_request(options)
+    end
+
     # Detaches the specified customer managed policy from the specified
     # PermissionSet.
     #
@@ -1169,6 +1891,146 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Retrieves the authorized targets for an IAM Identity Center access
+    # scope for an application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application with the access scope that you
+    #   want to retrieve.
+    #
+    # @option params [required, String] :scope
+    #   Specifies the name of the access scope for which you want the
+    #   authorized targets.
+    #
+    # @return [Types::GetApplicationAccessScopeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetApplicationAccessScopeResponse#authorized_targets #authorized_targets} => Array&lt;String&gt;
+    #   * {Types::GetApplicationAccessScopeResponse#scope #scope} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_application_access_scope({
+    #     application_arn: "ApplicationArn", # required
+    #     scope: "Scope", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.authorized_targets #=> Array
+    #   resp.authorized_targets[0] #=> String
+    #   resp.scope #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetApplicationAccessScope AWS API Documentation
+    #
+    # @overload get_application_access_scope(params = {})
+    # @param [Hash] params ({})
+    def get_application_access_scope(params = {}, options = {})
+      req = build_request(:get_application_access_scope, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the configuration of PutApplicationAssignmentConfiguration.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application. For more information about ARNs,
+    #   see [Amazon Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @return [Types::GetApplicationAssignmentConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetApplicationAssignmentConfigurationResponse#assignment_required #assignment_required} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_application_assignment_configuration({
+    #     application_arn: "ApplicationArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.assignment_required #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetApplicationAssignmentConfiguration AWS API Documentation
+    #
+    # @overload get_application_assignment_configuration(params = {})
+    # @param [Hash] params ({})
+    def get_application_assignment_configuration(params = {}, options = {})
+      req = build_request(:get_application_assignment_configuration, params)
+      req.send_request(options)
+    end
+
+    # Retrieves details about an authentication method used by an
+    # application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application.
+    #
+    # @option params [required, String] :authentication_method_type
+    #   Specifies the type of authentication method for which you want
+    #   details.
+    #
+    # @return [Types::GetApplicationAuthenticationMethodResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetApplicationAuthenticationMethodResponse#authentication_method #authentication_method} => Types::AuthenticationMethod
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_application_authentication_method({
+    #     application_arn: "ApplicationArn", # required
+    #     authentication_method_type: "IAM", # required, accepts IAM
+    #   })
+    #
+    # @example Response structure
+    #
+    #
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetApplicationAuthenticationMethod AWS API Documentation
+    #
+    # @overload get_application_authentication_method(params = {})
+    # @param [Hash] params ({})
+    def get_application_authentication_method(params = {}, options = {})
+      req = build_request(:get_application_authentication_method, params)
+      req.send_request(options)
+    end
+
+    # Retrieves details about an application grant.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application that contains the grant.
+    #
+    # @option params [required, String] :grant_type
+    #   Specifies the type of grant.
+    #
+    # @return [Types::GetApplicationGrantResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetApplicationGrantResponse#grant #grant} => Types::Grant
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_application_grant({
+    #     application_arn: "ApplicationArn", # required
+    #     grant_type: "authorization_code", # required, accepts authorization_code, refresh_token, urn:ietf:params:oauth:grant-type:jwt-bearer, urn:ietf:params:oauth:grant-type:token-exchange
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.grant.authorization_code.redirect_uris #=> Array
+    #   resp.grant.authorization_code.redirect_uris[0] #=> String
+    #   resp.grant.jwt_bearer.authorized_token_issuers #=> Array
+    #   resp.grant.jwt_bearer.authorized_token_issuers[0].authorized_audiences #=> Array
+    #   resp.grant.jwt_bearer.authorized_token_issuers[0].authorized_audiences[0] #=> String
+    #   resp.grant.jwt_bearer.authorized_token_issuers[0].trusted_token_issuer_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetApplicationGrant AWS API Documentation
+    #
+    # @overload get_application_grant(params = {})
+    # @param [Hash] params ({})
+    def get_application_grant(params = {}, options = {})
+      req = build_request(:get_application_grant, params)
+      req.send_request(options)
+    end
+
     # Obtains the inline policy assigned to the permission set.
     #
     # @option params [required, String] :instance_arn
@@ -1308,161 +2170,638 @@ module Aws::SSOAdmin
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
-    # @option params [Integer] :max_results
-    #   The maximum number of results to display for the assignment.
+    # @option params [Integer] :max_results
+    #   The maximum number of results to display for the assignment.
+    #
+    # @option params [String] :next_token
+    #   The pagination token for the list API. Initially the value is null.
+    #   Use the output of previous API calls to make subsequent calls.
+    #
+    # @return [Types::ListAccountAssignmentDeletionStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAccountAssignmentDeletionStatusResponse#account_assignments_deletion_status #account_assignments_deletion_status} => Array&lt;Types::AccountAssignmentOperationStatusMetadata&gt;
+    #   * {Types::ListAccountAssignmentDeletionStatusResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_account_assignment_deletion_status({
+    #     filter: {
+    #       status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
+    #     },
+    #     instance_arn: "InstanceArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account_assignments_deletion_status #=> Array
+    #   resp.account_assignments_deletion_status[0].created_date #=> Time
+    #   resp.account_assignments_deletion_status[0].request_id #=> String
+    #   resp.account_assignments_deletion_status[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListAccountAssignmentDeletionStatus AWS API Documentation
+    #
+    # @overload list_account_assignment_deletion_status(params = {})
+    # @param [Hash] params ({})
+    def list_account_assignment_deletion_status(params = {}, options = {})
+      req = build_request(:list_account_assignment_deletion_status, params)
+      req.send_request(options)
+    end
+
+    # Lists the assignee of the specified Amazon Web Services account with
+    # the specified permission set.
+    #
+    # @option params [required, String] :account_id
+    #   The identifier of the Amazon Web Services account from which to list
+    #   the assignments.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the IAM Identity Center instance under which the operation
+    #   will be executed. For more information about ARNs, see [Amazon
+    #   Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to display for the assignment.
+    #
+    # @option params [String] :next_token
+    #   The pagination token for the list API. Initially the value is null.
+    #   Use the output of previous API calls to make subsequent calls.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the permission set from which to list assignments.
+    #
+    # @return [Types::ListAccountAssignmentsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAccountAssignmentsResponse#account_assignments #account_assignments} => Array&lt;Types::AccountAssignment&gt;
+    #   * {Types::ListAccountAssignmentsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_account_assignments({
+    #     account_id: "TargetId", # required
+    #     instance_arn: "InstanceArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #     permission_set_arn: "PermissionSetArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account_assignments #=> Array
+    #   resp.account_assignments[0].account_id #=> String
+    #   resp.account_assignments[0].permission_set_arn #=> String
+    #   resp.account_assignments[0].principal_id #=> String
+    #   resp.account_assignments[0].principal_type #=> String, one of "USER", "GROUP"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListAccountAssignments AWS API Documentation
+    #
+    # @overload list_account_assignments(params = {})
+    # @param [Hash] params ({})
+    def list_account_assignments(params = {}, options = {})
+      req = build_request(:list_account_assignments, params)
+      req.send_request(options)
+    end
+
+    # Retrieves a list of the IAM Identity Center associated Amazon Web
+    # Services accounts that the principal has access to.
+    #
+    # @option params [Types::ListAccountAssignmentsFilter] :filter
+    #   Specifies an Amazon Web Services account ID number. Results are
+    #   filtered to only those that match this ID number.
+    #
+    # @option params [required, String] :instance_arn
+    #   Specifies the ARN of the instance of IAM Identity Center that contains
+    #   the principal.
+    #
+    # @option params [Integer] :max_results
+    #   Specifies the total number of results that you want included in each
+    #   response. If additional items exist beyond the number you specify, the
+    #   `NextToken` response element is returned with a value (not null).
+    #   Include the specified value as the `NextToken` request parameter in
+    #   the next call to the operation to get the next set of results. Note
+    #   that the service might return fewer results than the maximum even when
+    #   there are more results available. You should check `NextToken` after
+    #   every operation to ensure that you receive all of the results.
+    #
+    # @option params [String] :next_token
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
+    #
+    # @option params [required, String] :principal_id
+    #   Specifies the principal for which you want to retrieve the list of
+    #   account assignments.
+    #
+    # @option params [required, String] :principal_type
+    #   Specifies the type of the principal.
+    #
+    # @return [Types::ListAccountAssignmentsForPrincipalResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAccountAssignmentsForPrincipalResponse#account_assignments #account_assignments} => Array&lt;Types::AccountAssignmentForPrincipal&gt;
+    #   * {Types::ListAccountAssignmentsForPrincipalResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_account_assignments_for_principal({
+    #     filter: {
+    #       account_id: "AccountId",
+    #     },
+    #     instance_arn: "InstanceArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #     principal_id: "PrincipalId", # required
+    #     principal_type: "USER", # required, accepts USER, GROUP
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account_assignments #=> Array
+    #   resp.account_assignments[0].account_id #=> String
+    #   resp.account_assignments[0].permission_set_arn #=> String
+    #   resp.account_assignments[0].principal_id #=> String
+    #   resp.account_assignments[0].principal_type #=> String, one of "USER", "GROUP"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListAccountAssignmentsForPrincipal AWS API Documentation
+    #
+    # @overload list_account_assignments_for_principal(params = {})
+    # @param [Hash] params ({})
+    def list_account_assignments_for_principal(params = {}, options = {})
+      req = build_request(:list_account_assignments_for_principal, params)
+      req.send_request(options)
+    end
+
+    # Lists all the Amazon Web Services accounts where the specified
+    # permission set is provisioned.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the IAM Identity Center instance under which the operation
+    #   will be executed. For more information about ARNs, see [Amazon
+    #   Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to display for the PermissionSet.
+    #
+    # @option params [String] :next_token
+    #   The pagination token for the list API. Initially the value is null.
+    #   Use the output of previous API calls to make subsequent calls.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the PermissionSet from which the associated Amazon Web
+    #   Services accounts will be listed.
+    #
+    # @option params [String] :provisioning_status
+    #   The permission set provisioning status for an Amazon Web Services
+    #   account.
+    #
+    # @return [Types::ListAccountsForProvisionedPermissionSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAccountsForProvisionedPermissionSetResponse#account_ids #account_ids} => Array&lt;String&gt;
+    #   * {Types::ListAccountsForProvisionedPermissionSetResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_accounts_for_provisioned_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     provisioning_status: "LATEST_PERMISSION_SET_PROVISIONED", # accepts LATEST_PERMISSION_SET_PROVISIONED, LATEST_PERMISSION_SET_NOT_PROVISIONED
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account_ids #=> Array
+    #   resp.account_ids[0] #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListAccountsForProvisionedPermissionSet AWS API Documentation
+    #
+    # @overload list_accounts_for_provisioned_permission_set(params = {})
+    # @param [Hash] params ({})
+    def list_accounts_for_provisioned_permission_set(params = {}, options = {})
+      req = build_request(:list_accounts_for_provisioned_permission_set, params)
+      req.send_request(options)
+    end
+
+    # Lists the access scopes and authorized targets associated with an
+    # application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application.
+    #
+    # @option params [Integer] :max_results
+    #   Specifies the total number of results that you want included in each
+    #   response. If additional items exist beyond the number you specify, the
+    #   `NextToken` response element is returned with a value (not null).
+    #   Include the specified value as the `NextToken` request parameter in
+    #   the next call to the operation to get the next set of results. Note
+    #   that the service might return fewer results than the maximum even when
+    #   there are more results available. You should check `NextToken` after
+    #   every operation to ensure that you receive all of the results.
+    #
+    # @option params [String] :next_token
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
+    #
+    # @return [Types::ListApplicationAccessScopesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListApplicationAccessScopesResponse#next_token #next_token} => String
+    #   * {Types::ListApplicationAccessScopesResponse#scopes #scopes} => Array&lt;Types::ScopeDetails&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_application_access_scopes({
+    #     application_arn: "ApplicationArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.scopes #=> Array
+    #   resp.scopes[0].authorized_targets #=> Array
+    #   resp.scopes[0].authorized_targets[0] #=> String
+    #   resp.scopes[0].scope #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListApplicationAccessScopes AWS API Documentation
+    #
+    # @overload list_application_access_scopes(params = {})
+    # @param [Hash] params ({})
+    def list_application_access_scopes(params = {}, options = {})
+      req = build_request(:list_application_access_scopes, params)
+      req.send_request(options)
+    end
+
+    # Lists Amazon Web Services account users that are assigned to an
+    # application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application.
+    #
+    # @option params [Integer] :max_results
+    #   Specifies the total number of results that you want included in each
+    #   response. If additional items exist beyond the number you specify, the
+    #   `NextToken` response element is returned with a value (not null).
+    #   Include the specified value as the `NextToken` request parameter in
+    #   the next call to the operation to get the next set of results. Note
+    #   that the service might return fewer results than the maximum even when
+    #   there are more results available. You should check `NextToken` after
+    #   every operation to ensure that you receive all of the results.
+    #
+    # @option params [String] :next_token
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
+    #
+    # @return [Types::ListApplicationAssignmentsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListApplicationAssignmentsResponse#application_assignments #application_assignments} => Array&lt;Types::ApplicationAssignment&gt;
+    #   * {Types::ListApplicationAssignmentsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_application_assignments({
+    #     application_arn: "ApplicationArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.application_assignments #=> Array
+    #   resp.application_assignments[0].application_arn #=> String
+    #   resp.application_assignments[0].principal_id #=> String
+    #   resp.application_assignments[0].principal_type #=> String, one of "USER", "GROUP"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListApplicationAssignments AWS API Documentation
+    #
+    # @overload list_application_assignments(params = {})
+    # @param [Hash] params ({})
+    def list_application_assignments(params = {}, options = {})
+      req = build_request(:list_application_assignments, params)
+      req.send_request(options)
+    end
+
+    # Lists the applications to which a specified principal is assigned.
+    #
+    # @option params [Types::ListApplicationAssignmentsFilter] :filter
+    #   Filters the output to include only assignments associated with the
+    #   application that has the specified ARN.
+    #
+    # @option params [required, String] :instance_arn
+    #   Specifies the instance of IAM Identity Center that contains principal
+    #   and applications.
+    #
+    # @option params [Integer] :max_results
+    #   Specifies the total number of results that you want included in each
+    #   response. If additional items exist beyond the number you specify, the
+    #   `NextToken` response element is returned with a value (not null).
+    #   Include the specified value as the `NextToken` request parameter in
+    #   the next call to the operation to get the next set of results. Note
+    #   that the service might return fewer results than the maximum even when
+    #   there are more results available. You should check `NextToken` after
+    #   every operation to ensure that you receive all of the results.
+    #
+    # @option params [String] :next_token
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
+    #
+    # @option params [required, String] :principal_id
+    #   Specifies the unique identifier of the principal for which you want to
+    #   retrieve its assignments.
+    #
+    # @option params [required, String] :principal_type
+    #   Specifies the type of the principal for which you want to retrieve its
+    #   assignments.
+    #
+    # @return [Types::ListApplicationAssignmentsForPrincipalResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListApplicationAssignmentsForPrincipalResponse#application_assignments #application_assignments} => Array&lt;Types::ApplicationAssignmentForPrincipal&gt;
+    #   * {Types::ListApplicationAssignmentsForPrincipalResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_application_assignments_for_principal({
+    #     filter: {
+    #       application_arn: "ApplicationArn",
+    #     },
+    #     instance_arn: "InstanceArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #     principal_id: "PrincipalId", # required
+    #     principal_type: "USER", # required, accepts USER, GROUP
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.application_assignments #=> Array
+    #   resp.application_assignments[0].application_arn #=> String
+    #   resp.application_assignments[0].principal_id #=> String
+    #   resp.application_assignments[0].principal_type #=> String, one of "USER", "GROUP"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListApplicationAssignmentsForPrincipal AWS API Documentation
+    #
+    # @overload list_application_assignments_for_principal(params = {})
+    # @param [Hash] params ({})
+    def list_application_assignments_for_principal(params = {}, options = {})
+      req = build_request(:list_application_assignments_for_principal, params)
+      req.send_request(options)
+    end
+
+    # Lists all of the authentication methods supported by the specified
+    # application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application with the authentication methods
+    #   you want to list.
+    #
+    # @option params [String] :next_token
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
+    #
+    # @return [Types::ListApplicationAuthenticationMethodsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListApplicationAuthenticationMethodsResponse#authentication_methods #authentication_methods} => Array&lt;Types::AuthenticationMethodItem&gt;
+    #   * {Types::ListApplicationAuthenticationMethodsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_application_authentication_methods({
+    #     application_arn: "ApplicationArn", # required
+    #     next_token: "Token",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.authentication_methods #=> Array
+    #   resp.authentication_methods[0].authentication_method_type #=> String, one of "IAM"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListApplicationAuthenticationMethods AWS API Documentation
+    #
+    # @overload list_application_authentication_methods(params = {})
+    # @param [Hash] params ({})
+    def list_application_authentication_methods(params = {}, options = {})
+      req = build_request(:list_application_authentication_methods, params)
+      req.send_request(options)
+    end
+
+    # List the grants associated with an application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application whose grants you want to list.
     #
     # @option params [String] :next_token
-    #   The pagination token for the list API. Initially the value is null.
-    #   Use the output of previous API calls to make subsequent calls.
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
     #
-    # @return [Types::ListAccountAssignmentDeletionStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::ListApplicationGrantsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::ListAccountAssignmentDeletionStatusResponse#account_assignments_deletion_status #account_assignments_deletion_status} => Array&lt;Types::AccountAssignmentOperationStatusMetadata&gt;
-    #   * {Types::ListAccountAssignmentDeletionStatusResponse#next_token #next_token} => String
+    #   * {Types::ListApplicationGrantsResponse#grants #grants} => Array&lt;Types::GrantItem&gt;
+    #   * {Types::ListApplicationGrantsResponse#next_token #next_token} => String
     #
     # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.list_account_assignment_deletion_status({
-    #     filter: {
-    #       status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
-    #     },
-    #     instance_arn: "InstanceArn", # required
-    #     max_results: 1,
+    #   resp = client.list_application_grants({
+    #     application_arn: "ApplicationArn", # required
     #     next_token: "Token",
     #   })
     #
     # @example Response structure
     #
-    #   resp.account_assignments_deletion_status #=> Array
-    #   resp.account_assignments_deletion_status[0].created_date #=> Time
-    #   resp.account_assignments_deletion_status[0].request_id #=> String
-    #   resp.account_assignments_deletion_status[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
+    #   resp.grants #=> Array
+    #   resp.grants[0].grant.authorization_code.redirect_uris #=> Array
+    #   resp.grants[0].grant.authorization_code.redirect_uris[0] #=> String
+    #   resp.grants[0].grant.jwt_bearer.authorized_token_issuers #=> Array
+    #   resp.grants[0].grant.jwt_bearer.authorized_token_issuers[0].authorized_audiences #=> Array
+    #   resp.grants[0].grant.jwt_bearer.authorized_token_issuers[0].authorized_audiences[0] #=> String
+    #   resp.grants[0].grant.jwt_bearer.authorized_token_issuers[0].trusted_token_issuer_arn #=> String
+    #   resp.grants[0].grant_type #=> String, one of "authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:token-exchange"
     #   resp.next_token #=> String
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListAccountAssignmentDeletionStatus AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListApplicationGrants AWS API Documentation
     #
-    # @overload list_account_assignment_deletion_status(params = {})
+    # @overload list_application_grants(params = {})
     # @param [Hash] params ({})
-    def list_account_assignment_deletion_status(params = {}, options = {})
-      req = build_request(:list_account_assignment_deletion_status, params)
+    def list_application_grants(params = {}, options = {})
+      req = build_request(:list_application_grants, params)
       req.send_request(options)
     end
 
-    # Lists the assignee of the specified Amazon Web Services account with
-    # the specified permission set.
-    #
-    # @option params [required, String] :account_id
-    #   The identifier of the Amazon Web Services account from which to list
-    #   the assignments.
-    #
-    # @option params [required, String] :instance_arn
-    #   The ARN of the IAM Identity Center instance under which the operation
-    #   will be executed. For more information about ARNs, see [Amazon
-    #   Resource Names (ARNs) and Amazon Web Services Service
-    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
-    #   *Amazon Web Services General Reference*.
+    # Lists the application providers configured in the IAM Identity Center
+    # identity store.
     #
     # @option params [Integer] :max_results
-    #   The maximum number of results to display for the assignment.
+    #   Specifies the total number of results that you want included in each
+    #   response. If additional items exist beyond the number you specify, the
+    #   `NextToken` response element is returned with a value (not null).
+    #   Include the specified value as the `NextToken` request parameter in
+    #   the next call to the operation to get the next set of results. Note
+    #   that the service might return fewer results than the maximum even when
+    #   there are more results available. You should check `NextToken` after
+    #   every operation to ensure that you receive all of the results.
     #
     # @option params [String] :next_token
-    #   The pagination token for the list API. Initially the value is null.
-    #   Use the output of previous API calls to make subsequent calls.
-    #
-    # @option params [required, String] :permission_set_arn
-    #   The ARN of the permission set from which to list assignments.
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
     #
-    # @return [Types::ListAccountAssignmentsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::ListApplicationProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::ListAccountAssignmentsResponse#account_assignments #account_assignments} => Array&lt;Types::AccountAssignment&gt;
-    #   * {Types::ListAccountAssignmentsResponse#next_token #next_token} => String
+    #   * {Types::ListApplicationProvidersResponse#application_providers #application_providers} => Array&lt;Types::ApplicationProvider&gt;
+    #   * {Types::ListApplicationProvidersResponse#next_token #next_token} => String
     #
     # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.list_account_assignments({
-    #     account_id: "TargetId", # required
-    #     instance_arn: "InstanceArn", # required
+    #   resp = client.list_application_providers({
     #     max_results: 1,
     #     next_token: "Token",
-    #     permission_set_arn: "PermissionSetArn", # required
     #   })
     #
     # @example Response structure
     #
-    #   resp.account_assignments #=> Array
-    #   resp.account_assignments[0].account_id #=> String
-    #   resp.account_assignments[0].permission_set_arn #=> String
-    #   resp.account_assignments[0].principal_id #=> String
-    #   resp.account_assignments[0].principal_type #=> String, one of "USER", "GROUP"
+    #   resp.application_providers #=> Array
+    #   resp.application_providers[0].application_provider_arn #=> String
+    #   resp.application_providers[0].display_data.description #=> String
+    #   resp.application_providers[0].display_data.display_name #=> String
+    #   resp.application_providers[0].display_data.icon_url #=> String
+    #   resp.application_providers[0].federation_protocol #=> String, one of "SAML", "OAUTH"
+    #   resp.application_providers[0].resource_server_config.scopes #=> Hash
+    #   resp.application_providers[0].resource_server_config.scopes["ResourceServerScope"].detailed_title #=> String
+    #   resp.application_providers[0].resource_server_config.scopes["ResourceServerScope"].long_description #=> String
     #   resp.next_token #=> String
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListAccountAssignments AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListApplicationProviders AWS API Documentation
     #
-    # @overload list_account_assignments(params = {})
+    # @overload list_application_providers(params = {})
     # @param [Hash] params ({})
-    def list_account_assignments(params = {}, options = {})
-      req = build_request(:list_account_assignments, params)
+    def list_application_providers(params = {}, options = {})
+      req = build_request(:list_application_providers, params)
       req.send_request(options)
     end
 
-    # Lists all the Amazon Web Services accounts where the specified
-    # permission set is provisioned.
+    # Lists all applications associated with the instance of IAM Identity
+    # Center. When listing applications for an instance in the management
+    # account, member accounts must use the `applicationAccount` parameter
+    # to filter the list to only applications created from that account.
+    #
+    # @option params [Types::ListApplicationsFilter] :filter
+    #   Filters response results.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the IAM Identity Center instance under which the operation
-    #   will be executed. For more information about ARNs, see [Amazon
+    #   The ARN of the IAM Identity Center application under which the
+    #   operation will run. For more information about ARNs, see [Amazon
     #   Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
     # @option params [Integer] :max_results
-    #   The maximum number of results to display for the PermissionSet.
+    #   Specifies the total number of results that you want included in each
+    #   response. If additional items exist beyond the number you specify, the
+    #   `NextToken` response element is returned with a value (not null).
+    #   Include the specified value as the `NextToken` request parameter in
+    #   the next call to the operation to get the next set of results. Note
+    #   that the service might return fewer results than the maximum even when
+    #   there are more results available. You should check `NextToken` after
+    #   every operation to ensure that you receive all of the results.
     #
     # @option params [String] :next_token
-    #   The pagination token for the list API. Initially the value is null.
-    #   Use the output of previous API calls to make subsequent calls.
-    #
-    # @option params [required, String] :permission_set_arn
-    #   The ARN of the PermissionSet from which the associated Amazon Web
-    #   Services accounts will be listed.
-    #
-    # @option params [String] :provisioning_status
-    #   The permission set provisioning status for an Amazon Web Services
-    #   account.
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
     #
-    # @return [Types::ListAccountsForProvisionedPermissionSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::ListApplicationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::ListAccountsForProvisionedPermissionSetResponse#account_ids #account_ids} => Array&lt;String&gt;
-    #   * {Types::ListAccountsForProvisionedPermissionSetResponse#next_token #next_token} => String
+    #   * {Types::ListApplicationsResponse#applications #applications} => Array&lt;Types::Application&gt;
+    #   * {Types::ListApplicationsResponse#next_token #next_token} => String
     #
     # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.list_accounts_for_provisioned_permission_set({
+    #   resp = client.list_applications({
+    #     filter: {
+    #       application_account: "AccountId",
+    #       application_provider: "ApplicationProviderArn",
+    #     },
     #     instance_arn: "InstanceArn", # required
     #     max_results: 1,
     #     next_token: "Token",
-    #     permission_set_arn: "PermissionSetArn", # required
-    #     provisioning_status: "LATEST_PERMISSION_SET_PROVISIONED", # accepts LATEST_PERMISSION_SET_PROVISIONED, LATEST_PERMISSION_SET_NOT_PROVISIONED
     #   })
     #
     # @example Response structure
     #
-    #   resp.account_ids #=> Array
-    #   resp.account_ids[0] #=> String
+    #   resp.applications #=> Array
+    #   resp.applications[0].application_account #=> String
+    #   resp.applications[0].application_arn #=> String
+    #   resp.applications[0].application_provider_arn #=> String
+    #   resp.applications[0].created_date #=> Time
+    #   resp.applications[0].description #=> String
+    #   resp.applications[0].instance_arn #=> String
+    #   resp.applications[0].name #=> String
+    #   resp.applications[0].portal_options.sign_in_options.application_url #=> String
+    #   resp.applications[0].portal_options.sign_in_options.origin #=> String, one of "IDENTITY_CENTER", "APPLICATION"
+    #   resp.applications[0].portal_options.visibility #=> String, one of "ENABLED", "DISABLED"
+    #   resp.applications[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.next_token #=> String
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListAccountsForProvisionedPermissionSet AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListApplications AWS API Documentation
     #
-    # @overload list_accounts_for_provisioned_permission_set(params = {})
+    # @overload list_applications(params = {})
     # @param [Hash] params ({})
-    def list_accounts_for_provisioned_permission_set(params = {}, options = {})
-      req = build_request(:list_accounts_for_provisioned_permission_set, params)
+    def list_applications(params = {}, options = {})
+      req = build_request(:list_applications, params)
       req.send_request(options)
     end
 
@@ -1515,7 +2854,9 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Lists the IAM Identity Center instances that the caller has access to.
+    # Lists the details of the organization and account instances of IAM
+    # Identity Center that were created in or visible to the account calling
+    # this API.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to display for the instance.
@@ -1541,8 +2882,12 @@ module Aws::SSOAdmin
     # @example Response structure
     #
     #   resp.instances #=> Array
+    #   resp.instances[0].created_date #=> Time
     #   resp.instances[0].identity_store_id #=> String
     #   resp.instances[0].instance_arn #=> String
+    #   resp.instances[0].name #=> String
+    #   resp.instances[0].owner_account_id #=> String
+    #   resp.instances[0].status #=> String, one of "CREATE_IN_PROGRESS", "DELETE_IN_PROGRESS", "ACTIVE"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListInstances AWS API Documentation
@@ -1765,7 +3110,7 @@ module Aws::SSOAdmin
 
     # Lists the tags that are attached to a specified resource.
     #
-    # @option params [required, String] :instance_arn
+    # @option params [String] :instance_arn
     #   The ARN of the IAM Identity Center instance under which the operation
     #   will be executed. For more information about ARNs, see [Amazon
     #   Resource Names (ARNs) and Amazon Web Services Service
@@ -1789,7 +3134,7 @@ module Aws::SSOAdmin
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_tags_for_resource({
-    #     instance_arn: "InstanceArn", # required
+    #     instance_arn: "InstanceArn",
     #     next_token: "Token",
     #     resource_arn: "TaggableResourceArn", # required
     #   })
@@ -1810,6 +3155,62 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Lists all the trusted token issuers configured in an instance of IAM
+    # Identity Center.
+    #
+    # @option params [required, String] :instance_arn
+    #   Specifies the ARN of the instance of IAM Identity Center with the
+    #   trusted token issuer configurations that you want to list.
+    #
+    # @option params [Integer] :max_results
+    #   Specifies the total number of results that you want included in each
+    #   response. If additional items exist beyond the number you specify, the
+    #   `NextToken` response element is returned with a value (not null).
+    #   Include the specified value as the `NextToken` request parameter in
+    #   the next call to the operation to get the next set of results. Note
+    #   that the service might return fewer results than the maximum even when
+    #   there are more results available. You should check `NextToken` after
+    #   every operation to ensure that you receive all of the results.
+    #
+    # @option params [String] :next_token
+    #   Specifies that you want to receive the next page of results. Valid
+    #   only if you received a `NextToken` response in the previous request.
+    #   If you did, it indicates that more output is available. Set this
+    #   parameter to the value provided by the previous call's `NextToken`
+    #   response to request the next page of results.
+    #
+    # @return [Types::ListTrustedTokenIssuersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListTrustedTokenIssuersResponse#next_token #next_token} => String
+    #   * {Types::ListTrustedTokenIssuersResponse#trusted_token_issuers #trusted_token_issuers} => Array&lt;Types::TrustedTokenIssuerMetadata&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_trusted_token_issuers({
+    #     instance_arn: "InstanceArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.trusted_token_issuers #=> Array
+    #   resp.trusted_token_issuers[0].name #=> String
+    #   resp.trusted_token_issuers[0].trusted_token_issuer_arn #=> String
+    #   resp.trusted_token_issuers[0].trusted_token_issuer_type #=> String, one of "OIDC_JWT"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListTrustedTokenIssuers AWS API Documentation
+    #
+    # @overload list_trusted_token_issuers(params = {})
+    # @param [Hash] params ({})
+    def list_trusted_token_issuers(params = {}, options = {})
+      req = build_request(:list_trusted_token_issuers, params)
+      req.send_request(options)
+    end
+
     # The process by which a specified permission set is provisioned to the
     # specified target.
     #
@@ -1861,6 +3262,167 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Adds or updates the list of authorized targets for an IAM Identity
+    # Center access scope for an application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application with the access scope with the
+    #   targets to add or update.
+    #
+    # @option params [Array<String>] :authorized_targets
+    #   Specifies an array list of ARNs that represent the authorized targets
+    #   for this access scope.
+    #
+    # @option params [required, String] :scope
+    #   Specifies the name of the access scope to be associated with the
+    #   specified targets.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_application_access_scope({
+    #     application_arn: "ApplicationArn", # required
+    #     authorized_targets: ["ScopeTarget"],
+    #     scope: "Scope", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutApplicationAccessScope AWS API Documentation
+    #
+    # @overload put_application_access_scope(params = {})
+    # @param [Hash] params ({})
+    def put_application_access_scope(params = {}, options = {})
+      req = build_request(:put_application_access_scope, params)
+      req.send_request(options)
+    end
+
+    # Configure how users gain access to an application. If
+    # `AssignmentsRequired` is `true` (default value), users don’t have
+    # access to the application unless an assignment is created using the
+    # [CreateApplicationAssignment API][1]. If `false`, all users have
+    # access to the application. If an assignment is created using
+    # [CreateApplicationAssignment][1]., the user retains access if
+    # `AssignmentsRequired` is set to `true`.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application. For more information about ARNs,
+    #   see [Amazon Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @option params [required, Boolean] :assignment_required
+    #   If `AssignmentsRequired` is `true` (default value), users don’t have
+    #   access to the application unless an assignment is created using the
+    #   [CreateApplicationAssignment API][1]. If `false`, all users have
+    #   access to the application.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_application_assignment_configuration({
+    #     application_arn: "ApplicationArn", # required
+    #     assignment_required: false, # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutApplicationAssignmentConfiguration AWS API Documentation
+    #
+    # @overload put_application_assignment_configuration(params = {})
+    # @param [Hash] params ({})
+    def put_application_assignment_configuration(params = {}, options = {})
+      req = build_request(:put_application_assignment_configuration, params)
+      req.send_request(options)
+    end
+
+    # Adds or updates an authentication method for an application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application with the authentication method to
+    #   add or update.
+    #
+    # @option params [required, Types::AuthenticationMethod] :authentication_method
+    #   Specifies a structure that describes the authentication method to add
+    #   or update. The structure type you provide is determined by the
+    #   `AuthenticationMethodType` parameter.
+    #
+    # @option params [required, String] :authentication_method_type
+    #   Specifies the type of the authentication method that you want to add
+    #   or update.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_application_authentication_method({
+    #     application_arn: "ApplicationArn", # required
+    #     authentication_method: { # required
+    #       iam: {
+    #         actor_policy: { # required
+    #         },
+    #       },
+    #     },
+    #     authentication_method_type: "IAM", # required, accepts IAM
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutApplicationAuthenticationMethod AWS API Documentation
+    #
+    # @overload put_application_authentication_method(params = {})
+    # @param [Hash] params ({})
+    def put_application_authentication_method(params = {}, options = {})
+      req = build_request(:put_application_authentication_method, params)
+      req.send_request(options)
+    end
+
+    # Adds a grant to an application.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application to update.
+    #
+    # @option params [required, Types::Grant] :grant
+    #   Specifies a structure that describes the grant to update.
+    #
+    # @option params [required, String] :grant_type
+    #   Specifies the type of grant to update.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_application_grant({
+    #     application_arn: "ApplicationArn", # required
+    #     grant: { # required
+    #       authorization_code: {
+    #         redirect_uris: ["URI"],
+    #       },
+    #       jwt_bearer: {
+    #         authorized_token_issuers: [
+    #           {
+    #             authorized_audiences: ["TokenIssuerAudience"],
+    #             trusted_token_issuer_arn: "TrustedTokenIssuerArn",
+    #           },
+    #         ],
+    #       },
+    #     },
+    #     grant_type: "authorization_code", # required, accepts authorization_code, refresh_token, urn:ietf:params:oauth:grant-type:jwt-bearer, urn:ietf:params:oauth:grant-type:token-exchange
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutApplicationGrant AWS API Documentation
+    #
+    # @overload put_application_grant(params = {})
+    # @param [Hash] params ({})
+    def put_application_grant(params = {}, options = {})
+      req = build_request(:put_application_grant, params)
+      req.send_request(options)
+    end
+
     # Attaches an inline policy to a permission set.
     #
     # <note markdown="1"> If the permission set is already referenced by one or more account
@@ -1942,7 +3504,7 @@ module Aws::SSOAdmin
 
     # Associates a set of tags with a specified resource.
     #
-    # @option params [required, String] :instance_arn
+    # @option params [String] :instance_arn
     #   The ARN of the IAM Identity Center instance under which the operation
     #   will be executed. For more information about ARNs, see [Amazon
     #   Resource Names (ARNs) and Amazon Web Services Service
@@ -1960,7 +3522,7 @@ module Aws::SSOAdmin
     # @example Request syntax with placeholder values
     #
     #   resp = client.tag_resource({
-    #     instance_arn: "InstanceArn", # required
+    #     instance_arn: "InstanceArn",
     #     resource_arn: "TaggableResourceArn", # required
     #     tags: [ # required
     #       {
@@ -1981,7 +3543,7 @@ module Aws::SSOAdmin
 
     # Disassociates a set of tags from a specified resource.
     #
-    # @option params [required, String] :instance_arn
+    # @option params [String] :instance_arn
     #   The ARN of the IAM Identity Center instance under which the operation
     #   will be executed. For more information about ARNs, see [Amazon
     #   Resource Names (ARNs) and Amazon Web Services Service
@@ -1999,7 +3561,7 @@ module Aws::SSOAdmin
     # @example Request syntax with placeholder values
     #
     #   resp = client.untag_resource({
-    #     instance_arn: "InstanceArn", # required
+    #     instance_arn: "InstanceArn",
     #     resource_arn: "TaggableResourceArn", # required
     #     tag_keys: ["TagKey"], # required
     #   })
@@ -2013,6 +3575,84 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Updates application properties.
+    #
+    # @option params [required, String] :application_arn
+    #   Specifies the ARN of the application. For more information about ARNs,
+    #   see [Amazon Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @option params [String] :description
+    #   The description of the .
+    #
+    # @option params [String] :name
+    #   Specifies the updated name for the application.
+    #
+    # @option params [Types::UpdateApplicationPortalOptions] :portal_options
+    #   A structure that describes the options for the portal associated with
+    #   an application.
+    #
+    # @option params [String] :status
+    #   Specifies whether the application is enabled or disabled.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_application({
+    #     application_arn: "ApplicationArn", # required
+    #     description: "Description",
+    #     name: "NameType",
+    #     portal_options: {
+    #       sign_in_options: {
+    #         application_url: "ApplicationUrl",
+    #         origin: "IDENTITY_CENTER", # required, accepts IDENTITY_CENTER, APPLICATION
+    #       },
+    #     },
+    #     status: "ENABLED", # accepts ENABLED, DISABLED
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateApplication AWS API Documentation
+    #
+    # @overload update_application(params = {})
+    # @param [Hash] params ({})
+    def update_application(params = {}, options = {})
+      req = build_request(:update_application, params)
+      req.send_request(options)
+    end
+
+    # Update the details for the instance of IAM Identity Center that is
+    # owned by the Amazon Web Services account.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the instance of IAM Identity Center under which the
+    #   operation will run. For more information about ARNs, see [Amazon
+    #   Resource Names (ARNs) and Amazon Web Services Service
+    #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   *Amazon Web Services General Reference*.
+    #
+    # @option params [required, String] :name
+    #   Updates the instance name.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_instance({
+    #     instance_arn: "InstanceArn", # required
+    #     name: "NameType", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstance AWS API Documentation
+    #
+    # @overload update_instance(params = {})
+    # @param [Hash] params ({})
+    def update_instance(params = {}, options = {})
+      req = build_request(:update_instance, params)
+      req.send_request(options)
+    end
+
     # Updates the IAM Identity Center identity store attributes that you can
     # use with the IAM Identity Center instance for attributes-based access
     # control (ABAC). When using an external identity provider as an
@@ -2103,6 +3743,54 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Updates the name of the trusted token issuer, or the path of a source
+    # attribute or destination attribute for a trusted token issuer
+    # configuration.
+    #
+    # <note markdown="1"> Updating this trusted token issuer configuration might cause users to
+    # lose access to any applications that are configured to use the trusted
+    # token issuer.
+    #
+    #  </note>
+    #
+    # @option params [String] :name
+    #   Specifies the updated name to be applied to the trusted token issuer
+    #   configuration.
+    #
+    # @option params [required, String] :trusted_token_issuer_arn
+    #   Specifies the ARN of the trusted token issuer configuration that you
+    #   want to update.
+    #
+    # @option params [Types::TrustedTokenIssuerUpdateConfiguration] :trusted_token_issuer_configuration
+    #   Specifies a structure with settings to apply to the specified trusted
+    #   token issuer. The settings that you can provide are determined by the
+    #   type of the trusted token issuer that you are updating.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_trusted_token_issuer({
+    #     name: "TrustedTokenIssuerName",
+    #     trusted_token_issuer_arn: "TrustedTokenIssuerArn", # required
+    #     trusted_token_issuer_configuration: {
+    #       oidc_jwt_configuration: {
+    #         claim_attribute_path: "ClaimAttributePath",
+    #         identity_store_attribute_path: "JMESPath",
+    #         jwks_retrieval_option: "OPEN_ID_DISCOVERY", # accepts OPEN_ID_DISCOVERY
+    #       },
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateTrustedTokenIssuer AWS API Documentation
+    #
+    # @overload update_trusted_token_issuer(params = {})
+    # @param [Hash] params ({})
+    def update_trusted_token_issuer(params = {}, options = {})
+      req = build_request(:update_trusted_token_issuer, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -2116,7 +3804,7 @@ module Aws::SSOAdmin
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ssoadmin'
-      context[:gem_version] = '1.29.0'
+      context[:gem_version] = '1.31.0'
       Seahorse::Client::Request.new(handlers, context)
     end