AWS is launching additional APIs to create, read, update and delete users and groups in AWS IAM Identity Center (successor to AWS Single Sign-On). The new APIs expand existing capabilities to help reduce administrative effort and save time, and provide greater visibility into the users and groups that are available in IAM Identity Center. You can use the APIs for provisioning, de-provisioning or updating users and groups programmatically in a scalable manner. The new Identity Center directory APIs enable you to retrieve users and their group memberships from the Identity Center directory for audit and reconciliation purposes.