Kivo

Required Permissions: Workspace Manager

This article explains how to configure single sign-on (SSO) between Kivo and Microsoft Entra ID (formerly Azure Active Directory). It includes background on how the integration works, what permissions are required, and what customers can expect during setup.

___________________________________________________________

Microsoft Entra ID is Microsoft’s cloud-based identity and access management service. When integrated with Kivo, it allows users to authenticate using their corporate Microsoft credentials.

Kivo supports Entra ID–based authentication using a tenant consent model, where Entra ID authorizes Kivo to read limited user profile information required for authentication.

Kivo supports two Entra ID integration approaches.

Option 1 – Kivo-Managed App Registration (Recommended)

Kivo owns and manages the Entra ID application registration

Customers grant admin consent to Kivo’s application

- Kivo owns and manages the Entra ID application registration
- Customers grant admin consent to Kivo’s application
- Kivo manages tokens and key rotation

- Simplified setup
- No customer key management
- Faster onboarding

Users authenticate via Microsoft’s standard login experience (no custom branding)

- Users authenticate via Microsoft’s standard login experience (no custom branding)

Option 2 – Customer-Managed App Registration

Customer creates and manages their own Entra ID app registration

- Application (client) ID
- Tenant domain
- Client secret

Customer is responsible for rotating secrets

- Customer creates and manages their own Entra ID app registration
- Customer provides:
  - Application (client) ID
  - Tenant domain
  - Client secret
- Customer is responsible for rotating secrets

Authentication occurs directly within the customer’s tenant

- Fully branded Microsoft login experience
- Authentication occurs directly within the customer’s tenant

- More complex setup
- Ongoing secret management required

Kivo redirects the user to Microsoft Entra ID

Entra ID authenticates the user using your policies (MFA, conditional access, etc.)

Entra ID returns a signed response to Kivo

Kivo validates the response and creates a session

1. Kivo redirects the user to Microsoft Entra ID
2. Entra ID authenticates the user using your policies (MFA, conditional access, etc.)
3. Entra ID returns a signed response to Kivo
4. Kivo validates the response and creates a session

Kivo reads basic profile attributes only, such as:

1. Log in to the Azure portal
2. Navigate to Microsoft Entra ID
3. Locate your Primary Domain

Replace <code>[[Your Domain]]</code> with your tenant domain

Paste the URL into a browser and sign in as an Entra ID admin

1. Copy the URL below
2. Replace <code>[[Your Domain]]</code> with your tenant domain
3. Paste the URL into a browser and sign in as an Entra ID admin

https://login.microsoftonline.com/[[Your Domain]]/adminconsent?client_id=fa5ce509-b556-442b-831f-4c5bb5e589f1&amp;redirect_uri=https%3A%2F%2Fkivo.io

This grants Kivo read-only access to user profile data for authentication.

Notify your Kivo point of contact or <a href="" rel="nofollow noopener noreferrer" target="_blank">support@kivo.io</a>

Kivo completes the remaining configuration

- Notify your Kivo point of contact or <a href="" rel="nofollow noopener noreferrer" target="_blank">support@kivo.io</a>
- Kivo completes the remaining configuration
- SSO is enabled for your workspace

After first login, future sessions redirect automatically

Group membership in Kivo controls access after authentication

- Users log in via the Kivo login page
- Users select Sign in with SSO
- After first login, future sessions redirect automatically
- Group membership in Kivo controls access after authentication

<a href="https://support.kivo.io/en/articles/13391492-kivo-s-password-and-security-policies">Kivo's Password and Security Policies</a>

<a href="https://support.kivo.io/en/articles/13753728-single-sign-on-sso-overview">Single Sign-On (SSO) Overview</a>

<a href="https://support.kivo.io/en/articles/13391656-inviting-new-users">Inviting New Users</a>

- <a href="https://support.kivo.io/en/articles/13391492-kivo-s-password-and-security-policies">Kivo's Password and Security Policies</a>
- <a href="https://support.kivo.io/en/articles/13753728-single-sign-on-sso-overview">Single Sign-On (SSO) Overview</a>
- <a href="https://support.kivo.io/en/articles/13391656-inviting-new-users">Inviting New Users</a>

Configure Single Sign-On (SSO) between Kivo and Microsoft Entra ID (formerly Azure AD), including admin consent steps, authentication flow details, and what to expect during setup and login.

Single Sign-On (SSO) with Microsoft Entra ID

Create a custom design with text, images, and links

Log In to your Kivo Workspaece

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search results

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Single Sign-On (SSO) with Microsoft Entra ID

Introduction

Overview

Integration Models

Option 1 – Kivo-Managed App Registration (Recommended)

Option 2 – Customer-Managed App Registration

How Authentication Works

Configuration Steps (Kivo-Managed App)

Step 1 – Identify Your Entra ID Tenant

Step 2 – Grant Admin Consent

Step 3 – Notify Kivo

Post-Configuration Behavior

Related Articles or Next Steps