I already have my own plugin that does synchronize every time a user logs in. But, this means that logged in users won't be up to date as long as their session still exists ("stay logged in"). This can be annoying for changes of group memberships, but it can also be a security issue for changes in the ban status of an existing user.
If I understood you right the service to service ping that happens if a new user is created wouldn't help the issue either.
Any chance for an API that allows CRUD operations on users, settings and groups?