When adding a user to openconnect it will be handled like a change in the configuration of ocserv and causes the ocserv processes to be restarted.
This behaviour is unwanted and a big inconvenience for users since their connection will break and if they are authenticated through MFA (totp) they will get disconnected and required to login again. If they don't use MFA it will just be a minor hickup in the connection while the client silently reconnect using cached credentials.
A much better way to handle this would be to just update the files:
/var/run/ocserv/ocpasswd
/var/run/ocserv/users.oath
and leave the process running if no other change was done to the openconnect configuration.