SSO and Screened IPs

That could be, although I think not? I’m using the only delete a user endpoint I found:

DELETE /admin/users/{id}.json

which does have a block_ip parameter defaulting to true and that I always set to false. IPs are being added to Screened IPs nonetheless.