Problem statement
What options are available for deleting users who have not logged in over a specified period of time?
Solution
While there is no built-in means of automatically deleting any user accounts that have shown no activity for n days, this could be done periodically with the User Search. See Retrieve Users with the Get Users Endpoint.
It is possible to periodically run a user search query for users whose last_login value is more than n days in the past and then use the DELETE/api/v2/users/{id} endpoint to delete those users.
The last_login value will not update for refresh token exchanges. To account for that activity, it is necessary to do a log search for type sertft (Successful exchange of Refresh Token for Access Token). Note that the log retention policy is limited to 30 days, so for logs further out than 30 days it will be necessary to already have Log Streams installed.