When user is blocked in SSO (IdM), he/she will be not blocked in MISP. He could not log in, but users authentication keys will still work and also he/she will still receive all emails.
1) set `OidcAuth.offline_access` to `true` - with that, IdP will be requested to provide offline access token
2) set `OidcAuth.check_user_validity` to number of seconds, after which user will be revalidated if he is still active in IdP. Zero means that this functionality is disabled. Recommended value is `300`.
3) because offline tokens will expire when not used, you can run `cake user check_user_validity` to check all user in one call