Connecting Kawach & Microsoft Entra ID Accounts
Overview
This article explains how to integrate Microsoft Entra ID with Kawach to enable centralized visibility into identity, access, and domain governance across your organization. Once connected, Kawach can monitor Entra ID data in read-only mode and surface relevant findings as part of your compliance workflows.
This integration helps ensure that user access, role assignments, and domain configurations are consistently tracked and available for audits, reviews, and internal assessments.
Prerequisites
Before starting the integration, ensure the following:
- Your organization has an active Microsoft Entra ID (Azure AD) tenant.
- You are a Microsoft Entra Global Administrator or have permissions to approve third-party enterprise applications.
- You have access to your organization’s Kawach account with permissions to manage integrations.
- You know which Entra ID directory (tenant) you want Kawach to monitor.
What Kawach Accesses
Once connected, Kawach can:
- Read user profiles to verify authorized access
- Read user security settings to assess compliance controls
- Read domains associated with the organization for domain governance
- Read role definitions and role assignments to validate access governance and segregation of duties
Steps to Integrate Microsoft Entra ID with Kawach
Step 1: Navigate to Integrations in Kawach
- Log in to your Kawach account.
- Go to Settings.
- Select the Integrations tab.
- Click Create.
- Locate Microsoft Entra ID from the list of available integrations.
- Click Connect.
Step 2: Authorize Kawach in Microsoft Entra ID
- You will be redirected to the Microsoft sign-in page.
- Sign in using your work account associated with the Entra ID tenant.
- Review the permissions requested by Kawach.
- Approve the application access.
Personal accounts are not supported.
Step 3: Confirm Directory Connection
After authorization:
- You will be redirected back to Kawach.
- Confirm the Entra ID directory connection.
- Kawach will begin syncing data from your tenant.
After the Integration
Once the integration is complete:
- Entra ID users, roles, and domains are continuously monitored within Kawach.
- Relevant findings can be surfaced as part of compliance and risk workflows.
- Teams get centralized visibility into identity and access controls without switching tools.
- This setup supports ongoing compliance by ensuring identity-related evidence is consistently available.
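To confirm after consent that what was approved is read-only and limited to the four areas listed under What Kawach Accesses, the granted permission names can be audited. The following is an added example, not code from Kawach or Microsoft. It assumes grant records in the shape of Microsoft Graph oauth2PermissionGrant objects; the mapping from the article's categories to Graph permission prefixes and the sample data are constructed assumptions.

```python
import json

# Assumption: Microsoft Graph resource prefixes for the four access categories
# the article lists. The article does not name the exact permissions.
EXPECTED = {
    "user profiles": {"User", "Directory"},
    "user security settings": {"UserAuthenticationMethod", "Policy"},
    "domains": {"Domain"},
    "roles and role assignments": {"RoleManagement", "Directory"},
}
SIGN_IN_SCOPES = {"openid", "profile", "email", "offline_access"}
READ_OPS = {"Read", "ReadBasic"}

# Constructed sample in the shape of Graph oauth2PermissionGrant objects,
# where "scope" is a space-separated list of permission names.
SAMPLE_GRANTS = json.loads("""
[
  {"consentType": "AllPrincipals",
   "scope": "openid offline_access User.Read.All Domain.Read.All RoleManagement.Read.Directory"},
  {"consentType": "AllPrincipals", "scope": "User.ReadWrite.All Mail.Send"}
]
""")

def audit_grants(grants):
    """Compare granted permission names against a read-only expectation."""
    granted = set()
    for grant in grants:
        granted.update((grant.get("scope") or "").split())
    not_read_only, unexpected, covered = [], [], set()
    for perm in sorted(granted - SIGN_IN_SCOPES):
        # Graph names follow Resource.Operation[.Constraint], e.g. User.Read.All
        resource, _, rest = perm.partition(".")
        operation = rest.split(".")[0]
        read_only = operation in READ_OPS
        if not read_only:
            not_read_only.append(perm)
        categories = {c for c, prefixes in EXPECTED.items() if resource in prefixes}
        if not categories:
            unexpected.append(perm)      # outside the four documented areas
        elif read_only:
            covered |= categories
    return {
        "not_read_only": not_read_only,
        "unexpected": unexpected,
        "missing": sorted(set(EXPECTED) - covered),
    }

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_GRANTS), indent=2))
```

A non-empty `missing` list corresponds to the "Users or roles not visible" case in Troubleshooting; entries under `not_read_only` or `unexpected` are worth raising before the integration is relied on as audit evidence.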
Troubleshooting
Authorization failed
Ensure you are logged into the correct Entra ID tenant and have Global Administrator permissions.
Users or roles not visible
Verify that the approved permissions include directory user and role read access.
Data not syncing
Allow a few minutes after setup. If issues persist, try reconnecting the integration.