AWS debuted IAM Identity Center APIs to create users and groups enmass. Administrators can use these new APIs to manage identities programmatic and gain visibility into users in the Identity Center directory.
Previously known as AWS SSO, it supports the direct creation and management of users and groups and can be connected to existing sources and providers such as Microsoft Active Directory, Okta Universal Directory, or Azure AD. For audit and reconciliation purposes, the cloud provider introduced new Identity Center directory APIs to retrieve users and their group memberships.
Built on the per-account functionalities of AWS IAM and the multi-account features of AWS Organizations, the managed service removes the effort of federating and managing permissions separately for each AWS account
This can manage workforce sign-in and access to all accounts in an AWS Organization, with the possibility to delegate the administration to a member account
But, IAM Identity Center is not yet SCIM compliant and that it is easier to push users and groups from other identity and access management services.