An administrator can choose to delete a user from BastionZero. In doing so, the administrator is removing the association between the SSO user and the BastionZero UUID. That has the net effect of removing that SSO user from all policies and immediately closing any open connections. However, their events, like command and connection logs, will remain within BastionZero and be accessible to the administrators. If the same SSO user is subsequently added back to BastionZero, that will create a new BastionZero-associated UUID and thus, new policies would need to be created for that same SSO user.