You would like to make use of Office 365 accounts for authorization/authentication at ESS portal. Once configured, staffs will be able to login with their Office 365 account. System will look for the staff record with same Active Directory User name, and login the staff as that account.
Steps to configure Office 365 sign-in for ESS portal
Login to your Azure Portal
Go to Azure Active Directory / App Registrations, add a new registration
Name your own registration (e.g. Backstage Employee Portal)
At "Supported Account Types", select the appropriate option (who are allowed to login?)
Add a new redirect URI. Select Web for platform. Fill in the URL of Employee Portal (which will be provided by the us) with no ending slash
After the registration is created, go to Authentication / Implicit grant and hybrid flows, check "ID tokens"
Write down and send us "application Id" and "application Id URL" from your registration. We will then update the setting of your site.
You will also need to update Active Directory User Name at Applicant Profile. Backstage will use this linkage to authenticate the user.
When the setup is done, you will see "Sign in with Office" button on ESS, and now you can login with your Office 365 account.