Hello Michalle, 

Can you explain more why you need to restrict new users being created?

I'm assuming you are talking about application end users, correct?

Do you want to prevent developers from putting a 'createUser' or 'CreateOrUpdateUser' inside their application? If so, I don't think there is a way to do that.

Or are you referring to some other scenario?

Hi Michalle,

You can make this restriction in Lifetime, http://<management_environment>/lifetime. 

See this document about apply rules across applications and user.

Hope this helps.

Regards.