Your SafeID Token Service (STS) needs to access your Azure AD (AAD) tenant in order to retrieve data such as users and tokens etc, therefore it needs a service account in AAD. This account is called the Access User account. 

The Access User account must meet the following requirements

  • It must be a service account that does not expire
  • It must have global administration rights
  • It must NOT be enabled with multi-factor authentication

As the Access User account is only going to be used for machine to machine communication, you can make its password as long as possible. 


Sign into the SafeID Token Service console, navigate to Settings | Azure AD Setup

Enter a descriptive text as the Name of your Azure AD tenant

In the Access User Name box, enter the name of the access user account. 

In the Access User Password box, enter the password of the access user.

Click Start

Click "Accept"

The integration completed successfully


To ensure that the integration has indeed been completed successfully, you can check the following

Finally, sign out and sign in again. Then, you should be able to browse users in AAD