CAS Automatic Cleanup of Inactive User Accounts
3 months ago
Article Number
000073711
Issue

Many customers observe this notification under the user management page in CAS

 

Resolution

CAS includes an automated cleanup mechanism designed to keep the cloud database optimized by removing users who were synced to the service but never actually used it. A background process periodically evaluates all users and identifies those who meet a strict set of conditions that classify them as inactive.

A user becomes eligible for cleanup when all of the following criteria are true:

  • The user has never authenticated to CAS.

  • The user has not been synced for more than 30 days.

  • The user has no SMS or Voice overrides configured.

  • The user has no FIDO authenticators or registered devices.

  • The user has no assigned SecurID tokens.

  • The user has no emergency token codes.

  • The user has no offline emergency token codes.

 

Notes

This is part of the user cleanup process that runs in the background and is designed to save CAS database storage. Because these users have never authenticated to the cloud and never had authenticators registered, deleting them does not result in any data loss, and they can be synced back to the cloud through bulk or JIT sync.

This applies only to AD users.
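The eligibility criteria listed under Resolution, together with the AD-only note, can be checked against your own user inventory before the cleanup runs. The following is an added example, not RSA code and not part of the original article: the record fields, the function names and the sample users are all assumptions constructed for illustration, and the AD note is read here as one more condition.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

SYNC_AGE_LIMIT = timedelta(days=30)  # "has not been synced for more than 30 days"

@dataclass
class UserRecord:
    # Field names are assumptions for this example, not a CAS export schema.
    user_id: str
    identity_source: str                      # e.g. "AD"
    last_authentication: Optional[datetime]   # None = never authenticated
    last_sync: datetime
    sms_voice_overrides: int = 0
    fido_or_devices: int = 0
    securid_tokens: int = 0
    emergency_codes: int = 0
    offline_emergency_codes: int = 0

def cleanup_blockers(u: UserRecord, now: datetime) -> List[str]:
    """Return the criteria that keep a user out of cleanup; empty list = eligible."""
    blockers = []
    if u.identity_source != "AD":             # assumption: AD note read as a condition
        blockers.append("not an AD user")
    if u.last_authentication is not None:
        blockers.append("has authenticated")
    if now - u.last_sync <= SYNC_AGE_LIMIT:   # exactly 30 days is not "more than"
        blockers.append("synced within 30 days")
    for count, label in [
        (u.sms_voice_overrides, "SMS/Voice override"),
        (u.fido_or_devices, "FIDO authenticator or registered device"),
        (u.securid_tokens, "assigned SecurID token"),
        (u.emergency_codes, "emergency token code"),
        (u.offline_emergency_codes, "offline emergency token code"),
    ]:
        if count > 0:
            blockers.append(label)
    return blockers

def eligible_users(users: List[UserRecord], now: datetime) -> List[str]:
    return [u.user_id for u in users if not cleanup_blockers(u, now)]

# Constructed sample data (not real users).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    UserRecord("alice", "AD", None, NOW - timedelta(days=45)),
    UserRecord("bob", "AD", None, NOW - timedelta(days=30)),
    UserRecord("carol", "AD", None, NOW - timedelta(days=90), securid_tokens=1),
    UserRecord("dave", "AD", NOW - timedelta(days=200), NOW - timedelta(days=60)),
]
```

Listing the blockers per user, rather than a single yes/no, shows which one attribute is keeping an otherwise unused account in the cloud database.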