When integrating with Azure AD over OpenID Connect in order to get federated authentication, is there some mechanism to get notifications when a user has been disabled/deleted in Azure AD?
It seems that the official way is through the Secure Event Token specification in combination with the OpenID Connect's RISC Events. However, I have only found one Identity Provider that has documented support for this mechanism. Does Azure AD have something similar or is there an alternative approach to achieve this?
Some more context: Once a user has authenticated against Azure AD over OpenID Connect, I would like to be able to provide services to the user that should be disabled once the user has been disabled/deleted in Azure AD. An example might be a long-running process that needs to be stopped and that outlasts the user's session, or data that needs to be cleaned up.