
It is easy to configure a Web App Service to use Azure AD login manually by following the official documentation. However, how can I achieve this from Terraform? I have searched for a while but did not find any examples; if you happen to know of one, it would be nice if you could share it with me.

The following code is how I created the resource group and provisioned the web application:

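# Terraform settings. The two separate `terraform` blocks of the original are
# merged into one: Terraform accepts several and merges them, but a single block
# keeps the backend and the version constraint together and is easier to read.
terraform {
  # Minimum CLI version this configuration was written against.
  required_version = ">= 0.13"

  # Partial backend configuration: the storage account, container and state key
  # are supplied at `terraform init` time rather than committed here.
  # NOTE(review): remote state records every resource attribute, including any
  # registry credential placed in app_settings, so the state storage account
  # needs to be locked down as if it held those secrets directly.
  backend "azurerm" {}
}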

# Resource group holding everything for one application/environment pair.
resource "azurerm_resource_group" "tf_resource_group" {
  location = var.location
  # Same "RG_<application>_<environment>" name as before, assembled with join().
  name     = join("_", ["RG", var.application_name, var.environment])

  # Shared tags; DeployedBy marks the resource as Terraform-managed.
  tags = {
    DeployedBy  = "terraform"
    environment = var.environment
  }
}

# Linux App Service plan (Standard S1) that hosts the container app below.
resource "azurerm_app_service_plan" "tf_service_plan" {
  name                = format("%s-%s-asp", var.application_name, var.environment)
  resource_group_name = azurerm_resource_group.tf_resource_group.name
  location            = azurerm_resource_group.tf_resource_group.location

  # kind = "Linux" together with reserved = true is what the provider expects
  # for a Linux plan.
  kind     = "Linux"
  reserved = true

  sku {
    size = "S1"
    tier = "Standard"
  }

  tags = {
    DeployedBy  = "terraform"
    environment = var.environment
  }
}

# Linux Web App running a container image pulled from the ACR registry.
resource "azurerm_app_service" "tf_app_service" {
  name                = var.application_name
  app_service_plan_id = azurerm_app_service_plan.tf_service_plan.id
  resource_group_name = azurerm_resource_group.tf_resource_group.name
  location            = azurerm_resource_group.tf_resource_group.location

  # System-assigned managed identity. Nothing in this block grants it a role;
  # that would be a separate role-assignment resource.
  identity {
    type = "SystemAssigned"
  }

  site_config {
    # Same "DOCKER|<acr>.azurecr.io/<repo>:<tag>" image reference as before.
    linux_fx_version = format("DOCKER|%s.azurecr.io/%s:%s", var.acr_name, var.img_repo_name, var.tag)
    always_on        = true
  }

  # NOTE(review): "$DRSRUL", "$ACRNAME" and "$PW" are plain string literals,
  # not HCL interpolation (that would be "${...}"); as written these exact
  # strings are what the app settings receive — presumably a pre-processing
  # step substitutes them before apply, confirm. A registry password kept in
  # app_settings is stored in plaintext in Terraform state and in the app's
  # configuration; since the resource already has a system-assigned identity,
  # granting that identity pull rights on the registry and pulling with it
  # would avoid storing the credential at all.
  app_settings = {
    DOCKER_REGISTRY_SERVER_PASSWORD     = "$PW"
    DOCKER_REGISTRY_SERVER_URL          = "$DRSRUL"
    DOCKER_REGISTRY_SERVER_USERNAME     = "$ACRNAME"
    WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
  }
}



I believe your "azurerm_app_service" resource block needs an auth_settings block containing an active_directory block. Example:

auth_settings  {
 enabled = true 

 active_directory  {
     client_id = "${azuread_application.example.application_id}"
 }
 default_provider = "AzureActiveDirectory"
 issuer = "https://sts.windows.net/xxxxxxx-xxxx-xxx-xxxx-xxxtenantID/"