We use Azure SSO for our requesters access to the portal, so when we disable them they lose access to login. We do leave the old accounts there as it does not consume licenses, pose a security risk,or affect performance as far as we can tell. 

Hi @maximaq 
 

Greetings!

Are you referring to AD integration via Discovery Probe User sync? If so, we now support the ability to deprovision users from AD in Freshservice. You can choose to deactivate both deleted and inactive users in AD.
 

Let us know if this helps.

Warm Regards,

Sanofar

Team Freshservice

"onmouseover-alert("vulnerable") x="

as @keefe.andrews mentioned when users is disabled or deleted in Azure AD their login is disabled in FreshService. 

That said there are side effects of that in FreshService.  For example if an employee goes on FMLA we disable their account in Azure AD which essentially removes them from FreshService.  Any service requests or dropdowns the user will no longer appear in. So when the user returns from their leave if a manager wants to put a service request in to reactivate their account, we can’t because the user is disabled.

Also searching assets by user can no longer be done because the user is deactivated.  You need to know the name of the asset and search by asset not by user.  So some functions in FreshService are limited when the account is deactivated by as with Salesforce and many other SAAS apps you still want that audit trail and record in the system versus purging the user.