Hello Jessie,

On Mon, Feb 4, 2019 at 5:10 PM Jessie Floyd via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> I want to prevent user access if the OCSP responder does not return a valid/successful result.  Only those users with a confirmed OCSP response will be allowed access to the systems.  I don't find a flag in sssd.conf which would force this type of operation.  I've also looked over the IPA/IdM installation guide and don't find a reference on how to implement / force an OCSP check for externally signed user certificates.
 
Sumit's answer applies, I think. If the certificate includes an OCSP URI, sssd will use it. So out of the box it will work. This can be problematic for laptop users without network connectivity and access to the OCSP responder, by the way.

--
Regards,
natxo