Welcome to the Identity Store API Reference - Identity Store

Welcome to the Identity Store API Reference

Note

Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see IAM Identity Center rename.

The identity store service used by AWS IAM Identity Center (successor to AWS Single Sign-On) provides a single place to retrieve all of your identities (users and groups). The identity store API operations in this guide allow IAM Identity Center customers to manage their identity data programmatically. The scope of these APIs allows customers to create, read, update, delete, and list users, groups, and memberships.

This guide also describes identity store operations that you can call and includes detailed information on data types and errors.

Note

If you use an external identity provider or Active Directory as your identity source, we recommend that you use Create, Update, and Delete APIs with caution. IAM Identity Center does not support outbound synchronization, so your identity source does not automatically update with the changes that you make to users or groups using these APIs.

Note

AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, and more). The SDKs provide a convenient way to create programmatic access to AWS Directory Service and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.