I do not think it is possible. The user always have to consent to being added to a project. But did you check the User Management API https://docs.mendix.com/apidocs-mxsdk/apidocs/user-management-api ? I have not tried it myself but it seems you can automate which users can get access to which app.
Regards,
Ronald
you can do it by modifying the microflow “MendixSSO.RetrieveUserRoles”, and by assigning a role in the “yourModule.MendixSSO_CreateUser”.
The only problem is the “MendixSSO.RetrieveUserRoles” that you have to modify it directly in the Mendix SSO module, this microflow can’t be copied in your modules because it’s called by a JavaAction where its name is hard-coded.