To enable the Dawiso integration with Microsoft Entra ID, an Entra ID administrator must register Dawiso as an application, grant API permissions, and create a client secret. For the architecture and security model of the integration, see Microsoft Entra ID integration: security architecture.
Why synchronize users in advance
Synchronizing users from Entra ID before they log in lets administrators assign responsibilities (such as data ownership) to people who do not yet have a Dawiso account. Without synchronization, an account does not exist in Dawiso until the user signs in for the first time.
Consider this scenario. You need to assign your colleague Peter as the data owner of an object called Cool Report. If Peter’s Entra ID account has not been synchronized, he does not exist in Dawiso yet, and you cannot assign him. The alternative — waiting for Peter to log in — carries two risks:
- Peter may never log in.
- You may forget to revisit the assignment later.
Scheduled synchronization avoids both.
Configuring Microsoft Entra ID
To establish trust between Dawiso and the Microsoft identity platform, register Dawiso as an application in your Entra ID tenant, grant the required API permissions, and generate a client secret.
All steps start in the Microsoft Entra admin center, under Applications > App registrations.
Register Dawiso as an application
- Go to Applications > App registrations and either add a new registration or open an existing one. The Overview page shows the Client ID and Tenant ID — keep these for later.
- Under Manage, select Authentication.
- Click + Add a platform and select Single-page application.
- Set the Redirect URI to https://[your_instance_name].dawiso.cloud/sso/signin.
- Under Grant types, select both:
  - Access tokens (used for implicit flows)
  - ID tokens (used for implicit and hybrid flows)
- Click Configure.
- On the Authentication page, scroll to Advanced settings, set Allow public client flows to Yes, and click Save.
Grant API permissions
Set the API permissions before creating the client secret.
- Open your registered application and select API Permissions under Manage.
- Click + Add a permission and select Microsoft Graph.
- Add the following permissions:
  - Delegated permissions: User.Read, User.ReadBasic.All
  - Application permissions (admin consent required): GroupMember.Read.All, User.Read.All
- Click Grant admin consent for [your application].
For the rationale behind tenant-wide admin consent, see Why admin consent is required in the security overview.
Create the client secret
- Open your registered application and select Certificates & secrets under Manage.
- Click + New client secret.
- Enter a description and set an expiration date.
- Copy the Value field immediately and store it in a secure location.
The client secret value is shown only once, right after creation. If you lose it, generate a new secret.
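One way to check that the finished registration carries exactly the application permissions listed above, as an added example that is not Dawiso's or Microsoft's code: decode an app-only Microsoft Graph access token and compare its tid, appid and roles claims with your values. It assumes the token was obtained with the client ID and secret (client credentials flow); the token, tenant ID and client ID in the sample are constructed.

```python
import base64
import json

# Application permissions from the "Grant API permissions" step on this page.
EXPECTED_ROLES = {"GroupMember.Read.All", "User.Read.All"}


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, tenant_id: str, client_id: str) -> list[str]:
    """Compare an app-only Graph token with the registration described above."""
    claims = decode_claims(token)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append(f"tenant mismatch: {claims.get('tid')}")
    # v1.0 tokens carry the client ID in 'appid', v2.0 tokens in 'azp'.
    if claims.get("appid", claims.get("azp")) != client_id:
        findings.append("client ID mismatch")
    # App-only tokens list the consented application permissions in 'roles'.
    granted = set(claims.get("roles", []))
    for name in sorted(EXPECTED_ROLES - granted):
        findings.append(f"missing permission: {name}")
    for name in sorted(granted - EXPECTED_ROLES):
        findings.append(f"excess permission: {name}")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample values, not real tenant or application identifiers.
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT = "22222222-2222-2222-2222-222222222222"
SAMPLE = make_sample_token({"tid": TENANT, "appid": CLIENT,
    "roles": ["User.Read.All", "GroupMember.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit_token(SAMPLE, TENANT, CLIENT))
```

An empty result means the token matches the registration; an "excess permission" finding points to a grant beyond what this page asks for.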
Information to provide for SSO setup
After registering the application, send the following details to the Dawiso Customer Success team. They use these values to enable Microsoft SSO for your tenant.
| Required information | Description |
|---|---|
| Client ID | Unique identifier for the registered application (also called Application ID). See Find the client and tenant ID. |
| Tenant ID | Unique identifier for your Entra ID tenant (also called Directory ID). See Find the client and tenant ID. |
| Client Secret | The secret value created during application registration. See Create the client secret. |
| Admin group | Object ID of the Entra ID group whose members should receive admin access in Dawiso. See Find the group object IDs. |
| Contributor group | Object ID of the Entra ID group whose members should receive contributor access in Dawiso. |
| Viewer group | Object ID of the Entra ID group whose members should receive viewer access in Dawiso. |
Find the client and tenant ID
Both IDs appear on the application’s overview page.
- In the Entra admin center, go to Applications > App registrations.
- Open your Dawiso application.
- On the Overview page, copy the Application (client) ID and Directory (tenant) ID.
Find the group object IDs
Each Dawiso role (admin, contributor, viewer) maps to one Entra ID group. Create the three groups in Entra ID first, assign users to them, then collect each group’s Object ID.
- In the Entra admin center, go to Groups > All groups.
- Open the group that should map to a Dawiso role.
- On the Overview page, copy the Object Id.
- Repeat for the admin, contributor, and viewer groups.
You can mirror additional Entra ID groups beyond the three role groups — for example, a Data Stewards group. Share the Object IDs of any extra groups with the Dawiso Customer Success team when you submit the SSO information.