CF Access for Servers: Do users have to be added before hand to servers?

We configured Cloudflare Access with our IdP and setup the related tunnels etc for a server

When trying to connect to the server over SSH, it appears that the user that is authenticated by the IdP must already be listed on the server as a user

Is that true?

The documentation seems to be silent about this

My hope was that setting up Cloudflare Access for servers would remove the need to manage user lists on the servers and allow enabling and disabling access directly from CF Access policies


Cloudflare tunnels does not provide local user management on connected machines