All of your scenarios make sense. For any B2B app we have developed, we ensure that each customer understands their responsibility in maintaining their user profiles. If we can implement their SSO solutions then we are good as we can periodically query and if we don't find a match we can disable the user (don't delete data!). Depending on your licensing, if you are charging the business a fee per user then it motivates them to manage their account list more closely. Ensure you have built the tools needed to administrate well. And finally, if not SSO, I would periodically require a password change. If the password expires for > X days, disable the account and if the user tries to logon give them a message that they need to contact their administrator to be reactivated (or yourself if you are administrating for them). Hope this helps from my experiences.
Hi Jacob, when reading your question I was thinking about the last login attribute of the user entity. Maybe you can use this attribute for checking users that have not been using the system for x number of days, and send them a reminder mail. Then if nothing happens you can safely mark the accounts inactive and permantly delete them later on.
Does this help or?