Other Articles

How to integrate Kawach with Microsoft Entra ID?

Support > Microsoft Entra ID Integration

January 09, 2026

Microsoft Entra ID Logo

Overview

This article explains how to integrate Microsoft Entra ID with Kawach to enable centralized visibility into identity, access, and domain governance across your organization. Once connected, Kawach can monitor Entra ID data in read-only mode and surface relevant findings as part of your compliance workflows.

This integration helps ensure that user access, role assignments, and domain configurations are consistently tracked and available for audits, reviews, and internal assessments.

Prerequisites

Before starting the integration, ensure the following:

  • Your organization has an active Microsoft Entra ID (Azure AD) tenant.
  • You are a Microsoft Entra Global Administrator or have permissions to approve third-party enterprise applications.
  • You have access to your organization’s Kawach account with permissions to manage integrations.
  • You know which Entra ID directory (tenant) you want Kawach to monitor.

What Kawach Accesses

Kawach connects to Microsoft Entra ID in read-only mode. It does not modify any users, roles, domains, or configurations in your directory.

Once connected, Kawach can:

  • Read user profiles to verify authorized access
  • Read user security settings to assess compliance controls
  • Read domains associated with the organization for domain governance
  • Read role definitions and role assignments to validate access governance and segregation of duties

Steps to Integrate Microsoft Entra ID with Kawach

Step 1: Navigate to Integrations in Kawach

  1. Log in to your Kawach account.
  2. Go to Settings.
  3. Select the Integrations tab.
  4. Click Create.
  5. Locate Microsoft Entra ID from the list of available integrations.
  6. Click Connect.

Step 2: Authorize Kawach in Microsoft Entra ID

  1. You will be redirected to the Microsoft sign-in page.
  2. Sign in using your work account associated with the Entra ID tenant.

    3. Personal accounts are not supported.

  3. Review the permissions requested by Kawach.
  4. Approve the application access.
Note: You must have Global Administrator or equivalent permissions to authorize third-party enterprise applications.

Step 3: Confirm Directory Connection

After authorization:

  1. You will be redirected back to Kawach.
  2. Confirm the Entra ID directory connection.
  3. Kawach will begin syncing data from your tenant.

After the Integration

Once the integration is complete:

  • Entra ID users, roles, and domains are continuously monitored within Kawach.
  • Relevant findings can be surfaced as part of compliance and risk workflows.
  • Teams get centralized visibility into identity and access controls without switching tools.
  • This setup supports ongoing compliance by ensuring identity-related evidence is consistently available.

Troubleshooting

  • Authorization failed

    Ensure you are logged into the correct Entra ID tenant and have Global Administrator permissions.

  • Users or roles not visible

    Verify that the approved permissions include directory user and role read access.

  • Data not syncing

    Allow a few minutes after setup. If issues persist, try reconnecting the integration.