Once you have setup the link with the Azure AD portal, you will need to ensure there is a link between your borrower accounts in the library system and their AD accounts.
The easiest and most convenient way is to make sure that the borrower's email address is populated in their record card, If this information is present then the AD system will match the records and facilitate the sign on. This can be done using either a CSV or your automatic system.
If you use the automatic system, once you have set it up to import email addresses, you will never need to adjust it, each time new borrowers arrive in the management system they will be automatically added to the library system with their email address and the SSO will work straight away.
You can check the link by opening a borrower record card and ensuring there is an email address populated in the 'E-Mail' box.
If you would like to check this for all borrowers, you can do an advanced search for 'E-Mail Is Empty', this will then give you a list of all borrowers that will not match.
It is important to note that this field must be unique, if there are two borrowers with the same email address, there is a chance the they will get mixed up when logging in.
If it is not able to match on email address it will then try to match on the user's principle name, failing that it will try the unique name. If it is still unable to find a match it will not log the user in.
If you do not want to have this information in the record card, you can setup the scheduled task in the library system or you can export a CSV from your Azure AD portal and import it into the library system.