Identity connector

The Entra ID data catalog your whole team can trust.

The Dawiso Entra ID connector syncs users, groups and roles from your tenant so ownership, stewardship and access policies in the catalog match the directory.

Live connector Stable connector
Entra ID
Dawiso
Metadata-only · your data never leaves the source
Type: Cloud identity & access management
Auth: Service principal · client ID + secret
Sync: Scheduled, incremental
Direction: Read-only · metadata

First things first

What is a data connector?

Metadata-only · Read-only access · Incremental sync · Cross-system lineage

A data connector is the bridge between a tool in your stack and the catalog that gives you a unified view of it. Once a connector is configured, it reaches into the source system on a schedule, reads out the metadata - schemas, tables, dashboards, jobs, ownership, lineage - and represents it inside the catalog. Your actual rows and values stay where they are.

Connectors are the reason a data catalog can answer questions like "which Power BI dashboard depends on this Snowflake table?" or "who owns the orders topic in Kafka?" - automatically, without anyone keeping a spreadsheet up to date.

Three properties separate a good connector from a brittle one: it should be read-only and safe, it should be incremental so a full re-scan isn't required for every refresh, and it should resolve lineage across system boundaries, not just inside one tool.

About the platform

What is Microsoft Entra ID?

Microsoft Entra ID, renamed from Azure Active Directory in 2023, is Microsoft's cloud identity service. Almost every organization that runs Microsoft 365, Azure or Power BI uses it as the source of truth for who exists, what teams they belong to, and which roles they hold.

Catalog ownership and policy decisions only work if the people and groups in the catalog are the same people and groups the rest of the company uses. Mailing-list owners, stale groups and parallel user lists kill trust fast. That's where the Dawiso Entra ID connector joins the picture: read-only, metadata-only, and synced against your directory.

Architecture

How Dawiso connects to Entra ID

A small read-only role on the Entra ID side. The Dawiso scanner pulls metadata on a schedule. Everything ends up in your catalog, business-readable.

Source

Microsoft Entra ID tenant

  • Users & service accounts
  • Security & M365 groups
  • Directory roles
  • Group memberships
REST · JDBC

Dawiso scanner

Read-only metadata

  • Schema & object discovery
  • Dependency resolution
  • SQL flow parsing (optional)
  • Sampling on opt-in
Internal

Catalog

Dawiso platform

  • Searchable metadata
  • Lineage & ownership
  • Business glossary
  • Policy & classifications

Connection details

Protocol: Microsoft Graph API (REST) over HTTPS
Authentication: Azure App Registration · service principal · client secret
Lineage: Identities pulled from Microsoft Graph attach to Dawiso owners, stewards and approver roles; group membership drives access policy without a parallel user list

Setup

Connect Entra ID in 4 steps

  1. Register an Azure application

    In the Azure Portal, open Microsoft Entra ID and register a new application (for example, Dawiso Integration). Note the Application (client) ID and Directory (tenant) ID.

  2. Generate a client secret

    In Certificates & secrets, create a new client secret with an expiry that matches your rotation policy. Copy the value once: Azure does not show it again.

  3. Grant Microsoft Graph permissions

    In API Permissions, grant the read scopes the service principal needs and apply admin consent. Add Directory.Read.All only if a metadata scan reports Insufficient Permission.

  4. Connect and ingest

    In Dawiso, add Tenant ID, Client ID and Client Secret. Scheduled incremental sync keeps users, groups and roles current.
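After step 3, it is worth confirming what the service principal was actually granted: an app-only Graph token issued through the client-credentials flow lists its application permissions in the `roles` claim. The sketch below is an added example, not Dawiso or Microsoft code; the `EXPECTED` allow-list, the helper names and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Assumed allow-list for a read-only directory sync. These are real Microsoft
# Graph application permissions, but the exact set the connector needs is an
# assumption here; take it from the vendor's setup guide.
EXPECTED = {"User.Read.All", "Group.Read.All", "GroupMember.Read.All",
            "RoleManagement.Read.Directory"}
OPT_IN = {"Directory.Read.All"}  # the page treats this scope as opt-in


def token_roles(jwt: str) -> list[str]:
    """Return the `roles` claim of an app-only token. The signature is NOT
    verified: this inspects a token you requested yourself, it does not
    authenticate anything."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("roles", [])


def audit(roles: list[str]) -> dict[str, list[str]]:
    """Sort granted permissions into ok / opt_in / write / unexpected."""
    report = {"ok": [], "opt_in": [], "write": [], "unexpected": []}
    for role in sorted(roles):
        if "Write" in role:
            report["write"].append(role)       # breaks the read-only claim
        elif role in OPT_IN:
            report["opt_in"].append(role)      # broad read, needs a reason
        elif role in EXPECTED:
            report["ok"].append(role)
        else:
            report["unexpected"].append(role)  # read scope outside the list
    return report


def make_sample_token(roles: list[str]) -> str:
    """Constructed, unsigned token for the demo (not a real Entra token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    body = {"aud": "https://graph.microsoft.com", "roles": roles}
    return f"{enc({'alg': 'none'})}.{enc(body)}.sig"


SAMPLE = make_sample_token(["User.Read.All", "Group.Read.All",
                            "Directory.Read.All", "Group.ReadWrite.All",
                            "Mail.Read"])

if __name__ == "__main__":
    for bucket, perms in audit(token_roles(SAMPLE)).items():
        print(f"{bucket:10} {', '.join(perms) or '-'}")
```

Anything reported under `write` or `unexpected` should be removed from the app registration and admin consent re-applied before the secret is handed to the connector.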

Capabilities

What you get with the Entra ID connector

  • Owner sync from directory

    Pick an owner in Dawiso from your real Entra users, not a free-text email. Stale or leftover accounts surface in the catalog instead of hiding.

  • Groups drive stewardship

    Entra security groups become Dawiso stewardship and approver roles. Add a person to the AD group and they inherit catalog responsibilities the same day.

  • RBAC backed by Entra

    Catalog access uses Entra group membership for Space, application and object-level permissions. No second user list to maintain.

  • SSO with the corporate IdP

    Single sign-on via Entra ID is the same flow your users already use for M365 and Azure. MFA is enforced at the IdP layer.

  • Least-privilege scoping

    The Dawiso service principal needs read scopes on the Graph API only. Directory.Read.All is opt-in for advanced scenarios.

  • Incremental sync

    Scheduled syncs reflect leavers, joiners and role changes inside the next ingestion cycle. No manual cleanup of orphaned owners.

Business value

Why teams turn on the Entra ID connector

  • 1 directory

    One source of truth

    Stop maintaining a parallel user list in the catalog. Dawiso owners and stewards are real Entra users and groups, validated at sync time.

  • Day-one

    Leavers leave the catalog too

    When HR offboards someone in Entra, their catalog ownerships and access permissions are no longer assigned to a phantom account.

  • SSO + MFA

    Identity controls already in place

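    Use the SSO and MFA your security team already enforces in Entra. Dawiso adds no new user credentials to leak, lose or rotate. The connector's client secret is the one credential to manage, with an expiry that matches your rotation policy.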

Ready to catalog your Entra ID?

Set up the connector in an afternoon. See your first lineage graph the same day.

Frequently asked questions

What is the Microsoft data catalog?
Microsoft's catalog is Microsoft Purview. For identity, Dawiso reads Microsoft Entra metadata read-only - users, groups and app registrations - and connects identities to the data assets and access policies they govern.
Are Microsoft Entra and Active Directory the same?
Microsoft Entra ID is the cloud evolution of Azure Active Directory. Dawiso catalogs Entra identities and groups read-only and links them to data ownership and access, so governance and the catalog share one source of truth.
What permissions does Dawiso need on Microsoft Graph?
Read-only Graph scopes for users, groups, memberships and roles. The service principal can run without Directory.Read.All; add it only if ingestion fails with Insufficient Permission, then re-apply admin consent.
Does Dawiso copy our directory data?
Dawiso reads metadata from Microsoft Graph and caches the user, group and role objects required for ownership and access decisions. Passwords, MFA tokens and credentials are never read or stored.
Cloud-only Entra or hybrid AD?
Both. Cloud-only Entra tenants connect over Microsoft Graph directly. Hybrid setups with on-prem Active Directory work either through Entra Connect (recommended) or through Dawiso Integration Runtime for fully private deployments.
How does this relate to SSO into Dawiso?
Two layers. This connector ingests directory metadata for ownership and access policy. SSO is a separate Entra ID app integration in Dawiso (OAuth2 / OIDC) that authenticates users at login. They are usually configured together.