/
Prerequisites for Azure Active Directory

Prerequisites for Azure Active Directory

This section describes the prerequisites required to configure Azure Active Directory (Azure AD) with Kyvos, including the necessary Azure AD details and permissions needed to enable LDAP-based authentication for users in Kyvos.

Permissions required in Azure Active Directory (AD): The service principal provided for the Kyvos application will need the following permissions to access the Azure AD.

API / Permissions name

Type

Description

Admin consent required

Directory.Read.All

Application

Read directory data

Yes

 User.Read

Delegated

Sign in and read user profile

No

To grant this permission to the client ID, the following steps can be followed:

  1. On the Azure portal, navigate to Home > App Registration and select the App for Kyvos.

  2. Under API permissions, click Add a permission, and then click Microsoft Graph.

    image-20260206-114519.png

  3. On the Request API permissions dialog box, select the Application Permissions option.

    image-20260206-114643.png

  4. On the Select Permissions area, search for directory and select the Directory.Read.all option from the results.

  5. Click Add Permissions. The permission is required for Kyvos to read from the Azure AD.

    1. Directory.Read.All: To read directory data

      image-20260206-114947.png

    2. User.Read: To sign in and read user profile

      image-20260209-075815.png

Copyright Kyvos, Inc. 2025. All rights reserved.