Azure AD with Microsoft Graph is a service accessed from the Microsoft Azure Portal, where it has to be enabled and configured.
Once the Azure AD connection is established, go to MyQ, Settings, User Synchronization.
Click Add, and then click Add Azure AD source.
In the Azure AD Synchronization properties panel to the right, in the General tab, if you have already set up an Azure AD connection, the Azure AD server is already in the Authentication Server field. Otherwise, click Add new and set up an Azure AD connection.
In the Users tab:
You can map user information from Azure AD to the credentials in MyQ.
If you plan to authenticate users towards Azure using Active Directory credentials and use the Microsoft single sign-on option, select the Use as authentication server option and click Save.
In the Groups tab, you can select what Active Directory groups you want to remove from synchronization using the Ignore groups and Ignore groups containing string fields.
Users can be now synchronized by selecting your Azure AD source from the list and clicking Synchronize now.
Only one instance of an Azure AD authentication server and Azure AD synchronization source can be created in MyQ. This means that you can currently automatically synchronize users only from one Azure AD tenant at a time.