Microsoft Entra ID connector

Set up the Microsoft Entra ID connector in Kaivo: authentication, configuration, the 10 BigQuery tables it syncs, and answers to common questions.

Written By Lauri Raivio

Last updated About 2 hours ago

Kaivo is a fully managed data platform that syncs your Microsoft Entra ID data into a Google BigQuery warehouse and keeps it up to date automatically. There is no pipeline to build and no infrastructure to run, so you can spend your time analysing your data from Microsoft Entra ID instead of moving it.

What is the Microsoft Entra ID connector?

Sync your Microsoft Entra ID data into BigQuery with Kaivo to audit users, groups, and access across your directory.

  • Category: Tech
  • Status: Generally available
  • Authentication: API key
  • Setup: Self-service

Getting started with the Microsoft Entra ID connector

  1. Sign up for Kaivo and create a workspace.
  2. Connect your Microsoft Entra ID account.
  3. Choose which tables to sync.
  4. Wait for the initial sync to finish.
  5. Query your data in BigQuery or your favourite AI or BI tool.

Authenticating Microsoft Entra ID

Authenticate with your Client Secret.

  • Client Secret: A client secret value for your app registration (Azure portal → App registrations → your app → Certificates & secrets).

Configuring the Microsoft Entra ID connector

When you set up the connector, you provide:

  • Client ID: The Application (client) ID of your Entra ID app registration (Azure portal → App registrations → Overview).
  • Tenant ID: The Directory (tenant) ID of your Entra ID tenant (Azure portal → App registrations → Overview).
  • User ID: The object ID of the user whose owned and deleted directory objects should be synced (Azure portal → Users → the user's profile).
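
For orientation, the Tenant ID, Client ID, and Client Secret are the same three inputs the OAuth 2.0 client credentials flow on the Microsoft identity platform takes. The sketch below only builds such a token request and never sends it. Whether Kaivo uses exactly this flow and the Microsoft Graph scope is an assumption, the function name is hypothetical, and the IDs and secret are placeholders. The User ID plays no part in authentication, so it does not appear here.

```python
from urllib.parse import urlencode
from urllib.request import Request


def build_token_request(tenant_id: str, client_id: str, client_secret: str) -> Request:
    """Build (but do not send) a client-credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # Assumption: the connector reads directory data through Microsoft Graph.
        "scope": "https://graph.microsoft.com/.default",
    }).encode("ascii")
    return Request(
        url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


# Placeholder values only; substitute the values from your app registration.
req = build_token_request(
    tenant_id="00000000-0000-0000-0000-000000000000",
    client_id="11111111-1111-1111-1111-111111111111",
    client_secret="placeholder-secret",
)
print(req.get_method(), req.full_url)
```

If a request like this fails with your real values, the Client ID, Tenant ID, or Client Secret is the likely culprit, which makes it a quick way to check them before entering them in Kaivo.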

Tables and columns synced from Microsoft Entra ID

Kaivo syncs 10 tables from Microsoft Entra ID into a dedicated dataset in your BigQuery warehouse.

How the Microsoft Entra ID sync works

After the first load, Kaivo keeps your BigQuery warehouse up to date for you. Where Microsoft Entra ID supports it, each sync pulls only new and changed records so it stays fast; otherwise it refreshes the whole table. Every record keeps its original ID, so you won't get duplicate rows.
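
The difference between the two sync modes can be illustrated with a minimal in-memory sketch. It is not Kaivo's implementation: the function names and sample rows are hypothetical, and a dictionary keyed by record ID stands in for the BigQuery table.

```python
def full_refresh(source_rows):
    """Rebuild the table from exactly what the source returns now."""
    return {row["id"]: row for row in source_rows}


def incremental_sync(table, changed_rows):
    """Upsert new and changed rows by ID; untouched rows stay as they are."""
    merged = dict(table)
    for row in changed_rows:
        merged[row["id"]] = row  # same ID overwrites, so no duplicate rows
    return merged


# Initial load.
table = full_refresh([
    {"id": "u1", "displayName": "Ada"},
    {"id": "u2", "displayName": "Grace"},
])

# A later sync that receives only new and changed records.
table = incremental_sync(table, [
    {"id": "u2", "displayName": "Grace H."},  # changed record
    {"id": "u3", "displayName": "Linus"},     # new record
])

print(sorted(table))  # ['u1', 'u2', 'u3']
```

Because rows are keyed by their original ID, the changed record replaces the old version instead of being appended next to it.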

Frequently asked questions

How long does the initial sync take for Microsoft Entra ID?

It depends on how much history is in your Microsoft Entra ID account. Most initial syncs finish within minutes, while large accounts can take a few hours. After that, tables that support incremental sync fetch only new and changed records, so later syncs are much faster.

Can I sync only some tables or columns?

Yes. You pick which tables, and which fields within them, to sync when you set up the connection, and you can change the selection later. Tables and fields you don't select are never copied to your warehouse.

What happens when Microsoft Entra ID's schema changes?

New fields are never added automatically. You choose which fields to sync, so data you haven't selected (sensitive personal data, for example) never lands in your warehouse. When a new field appears, it becomes available for you to add. What happens to removed or renamed fields depends on a table's sync mode: full-refresh tables always match what's currently in Microsoft Entra ID, so dropped fields disappear, while incremental tables keep their existing columns and history, so an old field stays and newly added fields fill in over time.
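
The column rules described above can be sketched as a small function. This is an illustration under assumptions, not Kaivo's code: the function name and the field names (`jobTitle`, `department`) are hypothetical, and the example simply assumes one field was removed from the source and another was added.

```python
def columns_after_sync(mode, existing_columns, source_fields, selected_fields):
    """Return the table's columns after a sync, given the chosen sync mode."""
    # Only fields you have selected are ever synced.
    synced = [f for f in source_fields if f in selected_fields]
    if mode == "full_refresh":
        # The table mirrors the source, so dropped fields disappear.
        return synced
    # Incremental: existing columns and history stay; selected new fields are appended.
    return existing_columns + [f for f in synced if f not in existing_columns]


existing = ["id", "mail", "jobTitle"]
source = ["id", "mail", "department"]  # jobTitle removed, department new
selected = {"id", "mail", "jobTitle"}

full = columns_after_sync("full_refresh", existing, source, selected)
incr = columns_after_sync("incremental", existing, source, selected)

# After you opt in to the new field:
incr_opted_in = columns_after_sync(
    "incremental", existing, source, selected | {"department"}
)

print(full)           # ['id', 'mail']
print(incr)           # ['id', 'mail', 'jobTitle']
print(incr_opted_in)  # ['id', 'mail', 'jobTitle', 'department']
```

Note that `department` never appears until it is explicitly selected, which matches the rule that new fields are not added automatically.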

How do I handle GDPR or data deletion requests?

Your data lives in your own Kaivo-managed BigQuery warehouse, so the most direct option is to delete or anonymise specific records right in BigQuery. If you delete data in Microsoft Entra ID instead, full-refresh tables drop it on the next sync, while incremental tables keep it, so you would remove the row in BigQuery or ask us to run a full refresh. To remove everything, delete the Microsoft Entra ID connector in Kaivo and all of its synced data is deleted with it.
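
As a rough sketch of the first option, the helper below builds a parameterised BigQuery DELETE statement for a single record. The dataset name `entra_id`, the table `users`, and the `id` column are assumptions for illustration; check the actual names in your warehouse. The helper only produces the SQL text; you would run it with your BigQuery client and bind `@record_id` as a STRING query parameter.

```python
import re

# Conservative pattern for dataset, table, and column names.
_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_delete_statement(dataset: str, table: str, id_column: str = "id") -> str:
    """Build a DELETE statement that removes one record by its ID."""
    for name in (dataset, table, id_column):
        if not _IDENTIFIER.match(name):
            raise ValueError(f"unsafe identifier: {name!r}")
    # The record ID is passed as a named query parameter, never interpolated.
    return f"DELETE FROM `{dataset}.{table}` WHERE {id_column} = @record_id"


# Hypothetical dataset and table names.
sql = build_delete_statement("entra_id", "users")
print(sql)
```

Repeat the statement for each table that holds the person's data. For incremental tables this removes the row for good, since a deleted source record will not be synced again.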

Common use cases for Microsoft Entra ID data

Access review

Use users, groups, and directoryroles to review who has access to what.

Audit trail

Use directoryaudits to track directory changes over time.

Application inventory

Join applications with serviceprincipals to document app access.
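
To illustrate the application inventory join, here is a minimal in-memory sketch. In Microsoft Graph, a service principal's `appId` matches the `appId` of its application; that the synced tables expose columns with these exact names (`appId`, `id`, `displayName`) is an assumption, and the sample rows are made up.

```python
def app_inventory(applications, service_principals):
    """Pair each application with the service principals that share its appId."""
    by_app_id = {}
    for sp in service_principals:
        by_app_id.setdefault(sp["appId"], []).append(sp)
    return [
        {
            "appId": app["appId"],
            "application": app["displayName"],
            "servicePrincipalIds": [sp["id"] for sp in by_app_id.get(app["appId"], [])],
        }
        for app in applications
    ]


# Made-up sample rows standing in for the two synced tables.
applications = [
    {"appId": "a1", "displayName": "Payroll"},
    {"appId": "a2", "displayName": "Wiki"},
]
service_principals = [
    {"id": "sp1", "appId": "a1"},
    {"id": "sp2", "appId": "a1"},
]

inventory = app_inventory(applications, service_principals)
for row in inventory:
    print(row)
```

Applications with an empty `servicePrincipalIds` list are registered but have no service principal in the synced data, which is often worth flagging in an inventory.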

Use Microsoft Entra ID data in your AI and BI tools

Once Microsoft Entra ID data lands in your Kaivo-managed BigQuery warehouse, you can explore it with AI tools or any BI tool that connects to BigQuery. Here's how the most common destinations work with Microsoft Entra ID data.

Claude

Use Kaivo's MCP server to give Claude secure, workspace-scoped access to your data.

Power BI

Microsoft's BI tool with a native BigQuery connector. Supports DirectQuery and scheduled refresh.

Data Studio

Free Google BI tool with native BigQuery support. One-click connection to your Kaivo warehouse; great for SMB teams on Google Workspace.

Tableau

The premium analytics standard, with native BigQuery integration.

Google Sheets

Use Connected Sheets to query BigQuery directly from a spreadsheet, with no SQL.

Excel

Connect via Power Query's BigQuery connector.

Metabase

Open-source BI tool with strong BigQuery support.

See our pricing page for Microsoft Entra ID connector pricing and plan details.

  • Adform: Sync Adform to BigQuery.
  • Amplitude: Sync Amplitude to BigQuery.
  • Auth0: Sync Auth0 to BigQuery.
  • Convex: Sync Convex to BigQuery.
  • GitHub: Sync GitHub to BigQuery.
  • GitLab: Sync GitLab to BigQuery.