
Microsoft Azure AD Integration

Learn how to set up Microsoft Azure AD (Entra ID) authentication and user synchronization with Kubiya.

This guide will walk you through setting up Microsoft Azure AD (now called Microsoft Entra ID) integration with Kubiya. This integration provides:

  1. Authentication using your company's Azure AD credentials
  2. Automatic user synchronization between Azure AD and Kubiya

Enable Azure AD Login

Access Microsoft Entra ID admin page

  1. Visit the Microsoft Entra ID admin page at https://entra.microsoft.com/
  2. Navigate to Applications → Enterprise applications → New application
  3. Click on Create your own application
  4. Give your application a name (e.g., "Kubiya")
  5. Click Create at the bottom

Configure application access

  1. Navigate to Applications → Enterprise applications and click on the application you created in the previous step
  2. Visit the Overview page and copy the Application ID (you'll need this later)
  3. Navigate to Users and groups on the side menu and click on Add user/group
  4. Choose the group of users that you would like to sync into the Kubiya Platform (if you don't have one yet, you can create a new security group and add members)

Configure API permissions

  1. Visit Applications → App registrations and select the app that was just created
  2. On the side menu, click on API permissions and click on Add permission
  3. In the popup window, choose Microsoft Graph
    • First select Delegated permissions, search for User.Read, mark it, and click on Add permissions
    • Click again on Add permission, choose Microsoft Graph, then select Application permissions, search for Directory.Read.All, mark it, and click Add permissions
  4. On the API permissions page, click on Grant admin consent for...

Create client secret

  1. From the side menu, click on Certificates & secrets → Client secrets and click New client secret
  2. Fill out the form with a description and expiration period
  3. Click Add
  4. Important: Save the secret value immediately, as you won't be able to see it again
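
A least-privilege check for the two steps above (API permissions and client secret), as an added example that is not part of the Kubiya documentation: it audits an app registration exported as JSON in Microsoft Graph application format and reports any permission beyond User.Read (delegated) and Directory.Read.All (application), plus expired or long-lived client secrets. The sample manifest, the placeholder permission GUID, the secret name and the 180-day threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
# Permission ID -> (name, manifest type): "Scope" = delegated, "Role" = application
EXPECTED = {
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": ("User.Read", "Scope"),
    "7ab1d382-f21e-4acd-a863-ba3e13f7da61": ("Directory.Read.All", "Role"),
}

def audit_manifest(manifest, now, max_secret_days=180):
    """Return findings for an app registration manifest given as a dict.
    max_secret_days is an assumed local policy, not a Kubiya requirement."""
    findings, seen = [], set()
    for resource in manifest.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            expected = EXPECTED.get(access["id"])
            if (resource["resourceAppId"] == GRAPH_APP_ID
                    and expected and expected[1] == access["type"]):
                seen.add(access["id"])
            else:
                findings.append(f"unexpected permission {access['id']} ({access['type']})")
    for pid, (name, _) in EXPECTED.items():
        if pid not in seen:
            findings.append(f"missing permission {name}")
    for cred in manifest.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        label = cred.get("displayName", "unnamed")
        if end <= now:
            findings.append(f"client secret '{label}' has expired")
        elif end - now > timedelta(days=max_secret_days):
            findings.append(f"client secret '{label}' outlives {max_secret_days} days")
    return findings

# Constructed sample: one extra permission (placeholder GUID), one two-year secret.
SAMPLE = json.loads("""{
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
      {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
      {"id": "11111111-2222-3333-4444-555555555555", "type": "Role"}]}],
  "passwordCredentials": [
    {"displayName": "kubiya-sso", "endDateTime": "2027-01-01T00:00:00Z"}]
}""")
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE, NOW):
        print(finding)
```

An empty result means the registration carries exactly the two permissions this guide grants and no secret outside the chosen lifetime window.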

Values needed for Kubiya configuration

You will need the following values to configure Azure AD integration in Kubiya:

  • Tenant name and domain - from the "Overview" page
  • Application ID - from the "Overview" page
  • Secret value - from the "Certificates & secrets" → "Client secrets" page (the value you saved earlier)

Enable Users Auto Sync

The Kubiya support team will provide you with a Token and SCIM URL for this section.

Configure provisioning

  1. Visit Applications → Enterprise applications and select the app that you created in the previous section
  2. Navigate to Provisioning
  3. On the Provisioning page, click on New configuration
  4. Fill in the form with the values provided by the Kubiya team
  5. Click Test Connection and then Create

Configure attribute mappings

  1. Go to Mappings and select Provision Microsoft Entra ID Users
  2. Go to Attribute Mappings and edit the values of the following attributes:
    • externalId
    • emails[type eq "work"].value and mail

After completing these steps, your Azure AD integration with Kubiya should be fully configured. Users from the specified Azure AD groups will be automatically provisioned in Kubiya, and they'll be able to log in using their Microsoft credentials.

If you encounter any issues during the setup process, please contact the Kubiya support team for assistance.
