Epic
Resolution: Done
Major
As an application developer, I want to take advantage of token-based
authentication. I do not really want to deal with LDAP. I want to use an
IdP service and will use SAML and OIDC when a user authenticates.
Everything I need to know about the user I will pull from the token or
assertion. That allows me to handle cases when the user logs in. On the
first hit I can create a cache entry and my database for that user so
that he can be looked up and his permissions can be checked. However, I
need to be able to handle the following scenario:
- When my application database becomes large, or I need to undergo an audit,
I want to be able to clean it of old users that left the company. I do
not want to just blindly delete the user, because that would revoke all his
settings and privileges, but I also want to have a way to know if the
user was disabled or removed.
- relates to: RHSSO-976 Read only user and group lookup interface (Closed)