Following this article you can link Azure API Management to Users/Groups in Azure Active Directory.

At the moment I am creating the APIM instance with Terraform

resource "azurerm_api_management" "test" {
  name                = "example-apim"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  publisher_name      = "My Company"
  publisher_email     = "company@terraform.io"

  sku {
    name     = "Developer"
    capacity = 1
  }
}

How do I add the Active Directory Identity Provider to this?

This doesn't seem to be possible with terraform, however, it can be added by calling the REST API from the Azure CLI.

az rest -m put -u "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/my-resource-group/providers/Microsoft.ApiManagement/service/my-apim/identityProviders/aad?api-version=2019-01-01" -b "{'properties':{'clientId':'xxxxx-xxx-xxxx-xxxx-xxxxxxxxxx','clientSecret':'super-secret-password','allowedTenants':['mysite.com']}}"

The body -b is json that has been formatted to a single line.

You need to look up the clientId from active directory and know what the clientSecret is.

You can embedd this command in terraform if you wish:

resource "null_resource" "add-ad-identity-provider" {
  provisioner "local-exec" {
    command = "az rest -m put -u \"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/my-resource-group/providers/Microsoft.ApiManagement/service/my-apim/identityProviders/aad?api-version=2019-01-01\" -b \"{'properties':{'clientId':'xxxxx-xxx-xxxx-xxxx-xxxxxxxxxx','clientSecret':'super-secret-password','allowedTenants':['mysite.com']}}\""
  }
  depends_on = ["azurerm_api_management.test"]
}