Your SafeID Token Service (STS) needs to access your Azure AD (AAD) tenant in order to retrieve data such as users and tokens etc, therefore it needs a service account in AAD. This account is called the Access User account.
The Access User account must meet the following requirements
As the Access User account is only going to be used for machine to machine communication, you can make its password as long as possible.
Sign into the SafeID Token Service console, navigate to Settings | Azure AD Setup
Enter a descriptive text as the Name of your Azure AD tenant
In the Access User Name box, enter the name of the access user account.
In the Access User Password box, enter the password of the access user.
Click Start