Azure AD Integration question

I’ve integrated my GitLab instance with Azure AD for SSO reasons and it seems to be working fine.

However, it was my understanding that Azure would then be the only source of truth… so if a user has to register on GitLab first and then link his GitLab to Azure, wouldn’t that kill the entire point of implementing it?

What are the best practices surrounding this implementation?