Not through the device UI, no. On a fully managed device, end users are always blocked from adding or removing OS-level users regardless of policy configuration.
Whether the EMM can do it programmatically depends on the management architecture in use.
AMAPI does not support secondary user management at all. While the policy schema includes addUserDisabled and removeUserDisabled fields, the documentation explicitly states that for devices where managementMode is DEVICE_OWNER, the user is never allowed to add or remove users. There is no API for the EMM to create, remove, or switch between OS-level users either.
A custom DPC operating as Device Owner has significantly more capability here. Android's DevicePolicyManager exposes several user management APIs:
createAndManageUser() - create secondary users programmatically (Android 7.0+)removeUser() - remove secondary users (Android 5.0+)switchUser() - switch the active user on the device (Android 7.0+)startUserInBackground() / stopUser() - manage user sessions without switching (Android 9.0+)This is one of the remaining capability gaps between AMAPI and custom DPC. If your organisation relies on multi-user device scenarios, check whether your EMM exposes these APIs.
A common use case for secondary users is shared devices - kiosks, shift terminals, or front-of-house equipment. Custom DPCs can create ephemeral users (using the MAKE_USER_EPHEMERAL flag on createAndManageUser()), where all user data and apps are automatically deleted when the user session ends, the device switches users, or the device reboots. This requires Android 9.0+ and is documented in detail in Google's dedicated devices guide.
Not all Android devices support multiple OS-level users, even if the Android version does. This is a hardware and OEM decision. Before planning a multi-user deployment, verify that the target devices support secondary users - the DevicePolicyManager API will return specific error codes if the device has reached its user limit or does not support the feature.