SSO using Azure AD

*Is there an option to control User (de)Provisioning to/from Yellow from the client’s Azure environment?

*For some 3rd party SaaS tools that the Client is using this is possible, they use Azure Enterprise Application, and User Provisioning is handled through User membership in Azure Active Directory group(s). This way Client has full control of the User’s identity for the entire lifecycle of the employee. Which comes in handy, especially in the case of Offboarding. How does Yellow work with User identities when YAI-local login is used before SSO implementation and SSO is then configured? Does the User keep the identity, including all the historical data, and simply change the authentication method? Or is it perhaps not that simple?