As requested by our Security Officer, I am looking for a way to disable/delete accounts in our ArcGIS Enterprise that come from our Azure AD IDP if the user is no longer in our Active Directory. I understand that the user should not be able to log in if they don't exist at the IDP level, however I would like to free up licenses if needed and give added peace of mind to our Security Team. So far I have not found an intuitive and built-in way to accomplish this. Plus I want to keep valid users even if they haven't logged in for a log time or never logged in at all. There is an existing Idea for Active Directory users, but I am using a SAML provider rather than going directly to Active Directory.
I think this should available in both the Portal interface and the ArcGIS python API.
