We have a process that removes the userid/login from a contact record when a user is terminated.  When we attempt to de-authorize the user in CA Asset Portfolio Management, it does not find the user record and does not remove the user from the authorized users list. 

The deauthorize process uses the unique userid/login field to lookup the record.  If it is blank, then it cannot find the proper user. 

Add the userid/login back to the contact, on the contact screen.   Then the de-authorize user process works correctly. 

You can then go back and remove the userid/login field from the record, if desired.