diff --git a/packages/@aws-cdk/aws-service-spec/build/scrutinies.ts b/packages/@aws-cdk/aws-service-spec/build/scrutinies.ts
index 7731512ad..3a096f57f 100644
--- a/packages/@aws-cdk/aws-service-spec/build/scrutinies.ts
+++ b/packages/@aws-cdk/aws-service-spec/build/scrutinies.ts
@@ -57,8 +57,8 @@ export class Scrutinies {
 private autoPropertyScrutiny(propertyName: string, property: Property): PropertyScrutinyType | undefined {
 const richDb = new RichSpecDatabase(this.db);
- // Detect fields named like ManagedPolicyArns
- if (propertyName === 'ManagedPolicyArns') {
+ // Detect fields named like ManagedPolicyArns or ManagedPolicies (AWS::SSO::PermissionSet, for example)
+ if (propertyName === 'ManagedPolicyArns' || propertyName === 'ManagedPolicies') {
 return PropertyScrutinyType.ManagedPolicies;
 }
@@ -93,6 +93,12 @@ export class Scrutinies {
 this.setResourceScrutiny('AWS::EC2::SecurityGroupEgress', ResourceScrutinyType.EgressRuleResource);
 this.setPropertyScrutiny('AWS::EC2::SecurityGroup', 'SecurityGroupIngress', PropertyScrutinyType.IngressRules);
 this.setPropertyScrutiny('AWS::EC2::SecurityGroup', 'SecurityGroupEgress', PropertyScrutinyType.EgressRules);
+
+ // AWS IAM Identity Center (formerly AWS SSO)
+ // eslint-disable-next-line prettier/prettier
+ this.setResourceScrutiny('AWS::SSO::InstanceAccessControlAttributeConfiguration', ResourceScrutinyType.SsoInstanceACAConfigResource);
+ this.setResourceScrutiny('AWS::SSO::Assignment', ResourceScrutinyType.SsoAssignmentResource);
+ this.setResourceScrutiny('AWS::SSO::PermissionSet', ResourceScrutinyType.SsoPermissionSet);
 }
 private setResourceScrutiny(cfnType: string, scrutiny: ResourceScrutinyType) {
diff --git a/packages/@aws-cdk/service-spec-types/src/types/resource.ts b/packages/@aws-cdk/service-spec-types/src/types/resource.ts
index 40a5b5f7c..1233f1847 100644
--- a/packages/@aws-cdk/service-spec-types/src/types/resource.ts
+++ b/packages/@aws-cdk/service-spec-types/src/types/resource.ts
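Review bot: The widened condition in autoPropertyScrutiny matches on the property name alone, so every resource type with a property called `ManagedPolicies` is now tagged `PropertyScrutinyType.ManagedPolicies`, not only AWS::SSO::PermissionSet as the new comment implies. The `property` argument is not consulted in the visible lines; if consumers of this scrutiny type expect a list of policy ARN strings (not visible here), it would be safer to confirm the property's type before returning. At minimum the comment should state the scope: `// Name-only match: any resource type with a ManagedPolicyArns or ManagedPolicies property is flagged`. The function body continues past the end of this hunk, so later checks are not visible.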
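Review bot: The `// eslint-disable-next-line prettier/prettier` above the InstanceAccessControlAttributeConfiguration registration exists only to keep that call on one line; I would drop the suppression and let the formatter wrap the two arguments onto their own lines, so the file carries no lint exceptions. The group comment also names the service but not the reason these three types are scrutinised; something like `// Assignments, permission sets and access-control attributes decide who gets which access in which account` would tell a maintainer why they sit next to the IAM and security-group entries. The enclosing method starts before this hunk.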
@@ -400,6 +400,27 @@ export enum ResourceScrutinyType {
 * A set of egress rules
 */
 EgressRuleResource = 'EgressRuleResource',
+
+ /**
+ * AWS::SSO::Assignment
+ *
+ * IAM Identity Center (formerly known as SSO)
+ */
+ SsoAssignmentResource = 'SsoAssignmentResource',
+
+ /**
+ * AWS::SSO::InstanceAccessControlAttributeConfiguration
+ *
+ * IAM Identity Center (formerly known as SSO)
+ */
+ SsoInstanceACAConfigResource = 'SsoInstanceACAConfigResource',
+
+ /**
+ * AWS::SSO::PermissionSet
+ *
+ * IAM Identity Center (formerly known as SSO)
+ */
+ SsoPermissionSet = 'SsoPermissionSet',
 }
 /**
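Review bot: The three new doc comments only repeat the CloudFormation type name and the service rename, whereas the neighbouring member is described by what it represents (`A set of egress rules`). A consumer rendering a security diff needs to know what a change to each resource means, so I would describe them in those terms, for example `An assignment of a permission set to a user or group in a target account` for `SsoAssignmentResource`. Separately, `SsoPermissionSet` lacks the `Resource` suffix that the other two new members carry; since it is introduced in this commit, `SsoPermissionSetResource = 'SsoPermissionSetResource',` would keep the enum consistent, with the matching reference in scrutinies.ts updated. The enum body starts before this hunk.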