Your SafeID Token Service (STS) needs to access your Azure AD (AAD) tenant in order to retrieve data such as users and tokens etc, therefore it needs a service account in AAD. This account is called the Access User account.
The Access User account must have the following
Navigate to Settings | Azure AD Setup
Enter a descriptive text as the Name of your Azure AD tenant
In the Access User Name box, enter the name of the access user account.
In the Access User Password box, enter the password of the access user.