Best practice for urgent termination of user

We are using Keycloak as a broker to have SSO to our apps with Google as IDP.
What are the things we need to do so that an employee is logged out of all the applications when he/she is offboarded?
We tried the following :

  • Click on “Log out all sessions” on the user profile in Keycloak
  • Delete the user in Keycloak
  • Reset sign in cookies from the user’s Google profile

But the user can still continue using the apps that they are already signed in to.

Please note that most of our apps use SAML for SSO and very few has SLO capabilities.

Thank you in advance!