An user that is a member of the Domain Administrator group on the local LDAP server (on-premises or cloud) that is synced to Azure AD.
Access Manager is configured to use the same LDAP server that is synced to Azure AD.
The federation is established between Access Manager and Office 365 domain with appropriatesubscriptions. See Configuring Single Sign-On for Office 365 Services.