A company has deployed AWS Single Sign-On (AWS SSO) and needs to ensure that user accounts are not created within AWS Identity and Access Management (AWS IAM). A DevOps engineer must create an automated solution for immediately disabling credentials of any new IAM user that is created. The security team must be notified when user creation events take place. Which combination of steps should the DevOps engineer take to meet these requirements? (Select THREE.)