Remove Group SAML `Identity` record when a user is manually removed from a group
Identity record linking a user to a
SamlProvider when they are manually removed from a group.
This looks like
provider: :group_saml, saml_provider: group.saml_provider, extern_uid: oauth['uid'], user: current_user, and was discussed in #5331 (comment 63848745)
Allows users to break the link to a particular provider, for example if accidentally linking the wrong account. Otherwise removing the user still leaves the Identity record which will cause the same link to be made on a second attempt.