Posted On: Sep 1, 2022

AWS is launching additional Identity Store APIs to create, read, update and delete users and groups in AWS IAM Identity Center (successor to AWS Single Sign-On). The new APIs expand the existing capabilities to reduce administrative effort and give greater visibility into the users and groups held in IAM Identity Center. You can use them to provision, de-provision or update users and groups programmatically and at scale, and to retrieve users together with their group memberships from the Identity Center directory for audit and reconciliation.

IAM Identity Center is where you create, or connect, your workforce users once and centrally manage their access to multiple AWS accounts and applications. Previously, users and groups in the Identity Center directory could only be managed manually through the IAM Identity Center console. Now, you can use the new APIs to build workflows that manage them automatically. You can also use the APIs to monitor drift and reconcile users and groups that are synced automatically from your external identity source or Microsoft Active Directory (AD) into the Identity Center directory. The new APIs simplify identity management at scale in IAM Identity Center.
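The drift-monitoring and reconciliation use case above, as an added example that is not code from the AWS announcement or from AWS documentation. It drives the boto3 `identitystore` client (ListUsers, ListGroups, ListGroupMemberships, CreateGroupMembership, DeleteGroupMembership) through the small set of calls it needs, so the same snapshot/plan/apply logic runs against a constructed in-memory stand-in here and against `boto3.client("identitystore")` in production. The identity store ID `d-example`, the user and group names, and the desired-state table `DESIRED` are constructed for illustration; the response shapes follow the real API.

```python
"""Drift detection and reconciliation of IAM Identity Center group memberships.

Added example (not AWS code). ``ConstructedIdentityStore`` is a constructed
stand-in with the real API's response shapes; swap in boto3.client("identitystore")
to run against a real identity store.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Snapshot:
    """What the Identity Store directory currently holds, keyed by display name."""
    user_ids: dict[str, str] = field(default_factory=dict)   # UserName -> UserId
    group_ids: dict[str, str] = field(default_factory=dict)  # DisplayName -> GroupId
    members: dict[str, dict[str, str]] = field(default_factory=dict)  # group -> {UserName: MembershipId}


def snapshot(client, identity_store_id: str) -> Snapshot:
    """Read users, groups and memberships with the paginated list APIs."""
    snap = Snapshot()
    for page in client.get_paginator("list_users").paginate(IdentityStoreId=identity_store_id):
        for u in page["Users"]:
            snap.user_ids[u["UserName"]] = u["UserId"]
    by_id = {uid: name for name, uid in snap.user_ids.items()}
    for page in client.get_paginator("list_groups").paginate(IdentityStoreId=identity_store_id):
        for g in page["Groups"]:
            snap.group_ids[g["DisplayName"]] = g["GroupId"]
            snap.members[g["DisplayName"]] = {}
    for gname, gid in snap.group_ids.items():
        pages = client.get_paginator("list_group_memberships").paginate(
            IdentityStoreId=identity_store_id, GroupId=gid)
        for page in pages:
            for m in page["GroupMemberships"]:
                uid = m["MemberId"].get("UserId")  # MemberId is a tagged union; only UserId is defined
                if uid in by_id:
                    snap.members[gname][by_id[uid]] = m["MembershipId"]
    return snap


def plan(desired: dict[str, set[str]], snap: Snapshot):
    """Compare desired {group: {users}} with the directory.

    Returns (to_add, to_remove, unknown): sorted (group, user) pairs to add and
    remove, plus desired groups/users missing from the directory. Those need
    CreateGroup/CreateUser first, so they are reported, never silently skipped.
    """
    to_add, to_remove, unknown = [], [], []
    for group in sorted(set(desired) | set(snap.members)):
        want, have = desired.get(group, set()), set(snap.members.get(group, {}))
        if group not in snap.group_ids:
            unknown.append(f"group:{group}")
            continue
        for user in sorted(want - have):
            (to_add.append((group, user)) if user in snap.user_ids
             else unknown.append(f"user:{user}"))
        to_remove.extend((group, user) for user in sorted(have - want))
    return to_add, to_remove, unknown


def apply(client, identity_store_id: str, snap: Snapshot, to_add, to_remove) -> int:
    """Push the plan: CreateGroupMembership for adds, DeleteGroupMembership for removes."""
    for group, user in to_add:
        client.create_group_membership(IdentityStoreId=identity_store_id,
                                       GroupId=snap.group_ids[group],
                                       MemberId={"UserId": snap.user_ids[user]})
    for group, user in to_remove:
        client.delete_group_membership(IdentityStoreId=identity_store_id,
                                       MembershipId=snap.members[group][user])
    return len(to_add) + len(to_remove)


class ConstructedIdentityStore:
    """Constructed in-memory stand-in for boto3.client("identitystore"). Records write calls."""

    def __init__(self):
        self.users = {"u-1": "alice", "u-2": "bob", "u-3": "carol"}
        self.groups = {"g-1": "Admins", "g-2": "Auditors"}
        self.memberships = {"m-1": ("g-1", "u-1"), "m-2": ("g-1", "u-2"), "m-3": ("g-2", "u-3")}
        self.calls = []

    def get_paginator(self, name):
        store = self

        class Paginator:  # one page is enough for constructed data
            def paginate(self, **kw):
                if name == "list_users":
                    yield {"Users": [{"UserId": i, "UserName": n} for i, n in store.users.items()]}
                elif name == "list_groups":
                    yield {"Groups": [{"GroupId": i, "DisplayName": n} for i, n in store.groups.items()]}
                elif name == "list_group_memberships":
                    yield {"GroupMemberships": [
                        {"MembershipId": mid, "GroupId": g, "MemberId": {"UserId": u}}
                        for mid, (g, u) in store.memberships.items() if g == kw["GroupId"]]}
                else:
                    raise ValueError(name)
        return Paginator()

    def create_group_membership(self, **kw):
        self.calls.append(("create", kw["GroupId"], kw["MemberId"]["UserId"]))
        return {"MembershipId": f"m-new-{len(self.calls)}", "IdentityStoreId": kw["IdentityStoreId"]}

    def delete_group_membership(self, **kw):
        self.calls.append(("delete", kw["MembershipId"]))
        return {}


DESIRED = {"Admins": {"alice", "carol"}, "Auditors": {"carol", "dave"}}  # constructed source of truth


def demo():
    """Snapshot, plan and apply against the constructed store; returns the plan and recorded calls."""
    client = ConstructedIdentityStore()
    snap = snapshot(client, "d-example")
    to_add, to_remove, unknown = plan(DESIRED, snap)
    return to_add, to_remove, unknown, client.calls, apply(client, "d-example", snap, to_add, to_remove)


if __name__ == "__main__":
    print(demo())
```

Run `plan` on its own from a read-only role first and review the output before `apply` runs from a separate role: the read path needs only the `identitystore:ListUsers`, `identitystore:ListGroups` and `identitystore:ListGroupMemberships` actions, while `apply` additionally needs `identitystore:CreateGroupMembership` and `identitystore:DeleteGroupMembership`, and keeping the two sets of permissions on different principals limits what a compromised audit job can change.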

AWS IAM Identity Center is available to you at no additional cost. IAM Identity Center APIs are available in all regions supported by IAM Identity Center. To learn more, see the Identity Store API reference in the AWS IAM Identity Center User Guide.