WiKID works with Active Directory in two ways: initial validation of users and in the authentication process. Both are optional.
If you use Active Directory, you can use the the built into add your Active Directory users to WiKID. Feel free to change these scripts as needed.
Second if you want to check that your users are valid in Active Directory as well as in WiKID, you can use the Microsoft Radius server NPS (which is free). It can be configured to check that a user is valid in AD and then proxy the username and one-time password to WiKID for validation. In this way, deleting a user in AD is all you should need to do when de-provisioning. More information on configuring NPS with two-factor authentication from WiKID can be found here in our eGuide to adding two-factor authentication to your network.