Deactivate or delete external users if we want them to have the ability to have a future account created via SSO, auto-provisioning?

We have configured WF for Single Sign On and auto-provisioning so that anyone in the company can have their account created automatically upon first login--which is ideal. On rare occasions, I get pinged that an employee cannot access WF properly, they have a blank screen. Digging into this I uncover that the employee has an existing External User account because they were once shared a proof(s) via their email address, thus creating the External User account. I can upgrade their Access Level and other settings when I am notified of this, but I am wondering if I can be proactive with it to prevent this issue from happening in the future? I do not want to research every External User in the company and change their settings as that would take too much time, so I am wondering if I deactivate or delete the External User accounts, will this allow them to log in through the normal SSO auto-provisioning route in the future? Or would deactivation or deletion mess it up entirely?