Question regarding User Management Best Practices

From the docs, it looks like the primary option for User Management within SuiteCRM is to do so as an Admin User. I am facing some opposition to giving Admin rights within our organization only to facilitate User Management. The reason is that the Admin user also gets access to additional functionality like Module Loader, Studio, etc., that we don’t necessarily need/want to grant to a business user.

Has anyone found a creative or best practice way to federate User Management on a divisional basis (particularly the ability to enable revocation of access privilege when someone is terminated) without having to Federate complete Admin rights?

I realize that this is where LDAP and SAML authentication are intended to play.

Just wondering if there is a way to work towards that using the OOB User Management.

Any thoughts are appreciated here. Was hoping someone figured out how to use Security Suite or something to give User Control or if there was a way to link the Employee Status to the User Status so that changing the Employee Status could revoke the ability to log in.

Thanks!