To find the API calls you can see How to reverse engineer the Discourse API. Also, the topics on SSO should provide some info on how to have SSO master disable accounts. For you, though, the accounts are already disabled, so you’ll probably want to get a list of them . . . somehow . . . and then something like
Users.where(somehow get the users).update_all(active: false)
(That’s not exactly right, but that’s the idea.)
If it’s an emergency and you have a budget, my contact info is in my profile.