@bharath-yadavally You could absolutely use the 2 step approach you outlined. There are two different approaches that have different strengths and weaknesses.
The tradeoffs are that if you make those two calls, you're depending on the identity provider to be up and available to your backend service. You're tightly coupling the backend service to the identity provider.
That can work fine, but as you scale, more and more backend services will be making those calls, and the idp and speedy connections to it become more and more critical to your application.
Contrast that with the webhook approach, where the data is pushed to every backend service, and only when a user is deactivated. In this case, there'll be far less coupling with the identity provider, at the cost of more complexity on the backend service side.
Hope that helps.