How to set up Azure Active Directory Single Sign-On


  1. Create a BenQ IAM admin account.
    Please follow the normal steps to register a BenQ IAM admin account.

  2. Register BenQ IAM as an application with Microsoft.
    You can also use Microsoft’s official documentation as a reference.

    • Sign in to the Azure portal.

    • If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register the application.

    • Search for and select Azure Active Directory.

    • Under Manage, select App registrations > New registration.

    • Enter BenQ IAM as the Name.

    • For the supported account types, choose Accounts in this organizational directory only.

    • For the Redirect URI, set the type to Web and enter the URL:
      https://service-portal.benq.com/login/microsoftlogincallback

    • Hit Register.

  3. When registration finishes, the Azure portal displays the app registration's Overview pane.
    Note down the Application (client) ID shown there; it will be used in BenQ IAM later.

  4. Under Manage, select Certificates & secrets > New client secret.
    Enter BenQ IAM as the description, and then hit Add.

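  5. Note down the Value of the new client secret. It will also be used in BenQ IAM later. The portal only shows this value right after the secret is created, so copy it now and store it securely.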

  6. Log in to BenQ services with your BenQ account, and go to IAM (Identity and Access Management).

  7. Under Account Management, click Azure AD SSO Setting.

  8. Enter an Organization Unit name that represents your organization. Users will need this Organization Unit when they log in with SSO once SSO has been set up.

  9. Fill in the Client ID from step 3 and the Client Secret from steps 4 and 5.

  10. Once Azure AD SSO has been set up successfully, all the accounts in your organizational directory can log in to BenQ services directly. The admin does not need to create new accounts manually one by one.
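
To confirm that the registration from steps 2 to 5 ended up as described, the following added example (not part of BenQ's or Microsoft's instructions) audits an application object for the single-tenant setting, the exact redirect URI and the client secret lifetime. It assumes the input is the application JSON as Microsoft Graph returns it (for example the output of az ad app show); the function name, the 180-day limit and both sample objects are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Settings taken from step 2 of the procedure above.
EXPECTED_REDIRECT = "https://service-portal.benq.com/login/microsoftlogincallback"
EXPECTED_AUDIENCE = "AzureADMyOrg"  # "Accounts in this organizational directory only"
MAX_SECRET_DAYS = 180  # assumption: local rotation policy, not stated on the page


def audit_registration(app, now):
    """Return findings for an application object; an empty list means it matches."""
    findings = []
    if app.get("signInAudience") != EXPECTED_AUDIENCE:
        findings.append("sign-in audience is not single-tenant")
    uris = (app.get("web") or {}).get("redirectUris") or []
    if EXPECTED_REDIRECT not in uris:
        findings.append("BenQ callback missing from web redirect URIs")
    # Any extra reply URL widens where authorization codes can be delivered.
    findings += [f"unexpected redirect URI: {u}" for u in uris if u != EXPECTED_REDIRECT]
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret registered")
    for cred in secrets:
        # Parse only the seconds-resolution prefix so fractional digits do not matter.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days_left = (end.replace(tzinfo=timezone.utc) - now).days
        if days_left < 0:
            findings.append("client secret has expired")
        elif days_left > MAX_SECRET_DAYS:
            findings.append(f"client secret valid for {days_left} more days")
    return findings


# Constructed sample objects (not real tenant data).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
GOOD = {
    "displayName": "BenQ IAM",
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": [EXPECTED_REDIRECT]},
    "passwordCredentials": [{"displayName": "BenQ IAM", "endDateTime": "2025-04-01T00:00:00Z"}],
}
BAD = {
    "displayName": "BenQ IAM",
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [EXPECTED_REDIRECT, "http://localhost/callback"]},
    "passwordCredentials": [{"displayName": "BenQ IAM", "endDateTime": "2027-01-01T00:00:00Z"}],
}

if __name__ == "__main__":
    for name, app in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_registration(app, NOW) or "matches the documented settings")
```

The application object does not contain the secret value itself, only its metadata, so the audit can be run and shared without exposing the credential entered in step 9.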