Connect Azure Entra
DataTako allows you to connect Microsoft Azure Entra so user access can be managed automatically. By linking your Entra tenant, DataTako can grant users access based on your existing Entra configuration, such as users and groups. This removes the need to manually manage users in DataTako and ensures access stays in sync with your organization’s identity management.
Please note: you can use Entra connection in conjunction with manually adding users to your DataTako environment!
Step 1 – Connect Azure Entra to DataTako
Navigate to ‘usermanagement’ and click on the Azure icon:
Grant permissions to read the Azure Entra
Press the ‘Grant permissions’ button to allow DataTako to read your Azure Entra users and groups. No write permissions are needed.
After granting permissions, you’ll be redirected back to this page where you can enable and configure the Entra setup.
There are quite some settings to configure. Let’s go through them by segment:
User inclusion & exclusion
| Setting | Explanation |
| Exclude all users marked as ‘guest’ in Entra ID | Enable this setting if you want to exclude guests users to be synced to DataTako |
| Include security groups | Select security group(s) that you want to include in the sync. For example; you want to provide access to everyone in the group ‘sales’ and ‘marketing’. Select those groups here. Entra users from other groups will not be synced to DataTako. |
| Exclude security groups | Use the exclude option if you specifically want to exclude specific groups from being synced. All other groups not selected here will be synced to DataTako. |
User removal policy
What should happen if someone is no longer found in Azure Entra? You can either do nothing, keep them in DataTako (but they aren’t able to login anymore), or delete all data from DataTako.
Onboarding & notifications
You can decide whether DataTako should automatically create a user once it is found in Azure Entra or use just-in-time provisioning, the latter means DataTako creates a user profile on first login.
With the ‘provisioned in advance’ option, you can choose to have DataTako send an activation email once a user has been automatically created. With the second option you need to make sure you provide information to your users on how to login to DataTako.
Role mapping
DataTako has 3 roles (admin, editor, viewer) read more here. This section allows you to map Entra role(s) to DataTako roles. For example, you might want entra users in the ‘admin’ group to be automatically assigned the DataTako admin role as well.
User group management
The final option controls how user group membership is managed. In the next section, you will learn how to link one or more Microsoft Entra groups to DataTako user groups. This allows you to fully manage report access based on the security groups a user belongs to in Entra.
If this option is disabled, you can manually assign Entra users to user groups within DataTako.
If this option is enabled, user group membership is managed exclusively through Entra group assignments. In this case, you can no longer manually assign user groups to Entra users in DataTako—all access is determined by their Entra group memberships.
Step 2 – Link Entra security groups to DataTako user groups
Now that you’ve activated Azure Entra, you can select security groups when creating / updating DataTako user groups, like so:
In the screenshot above, a DataTako user group named Sales reps is linked to the Microsoft Entra group Testgroup DataTako entra. When a user is added to the Entra group in Azure, they are automatically assigned to the Sales reps user group in DataTako. As a result, the user gains access to any reports that are assigned to this user group.
Note: A user group can contain both linked Entra security groups and manually assigned users. This is useful when you want to use a single user group for both Entra managed users and regular (non Entra) users.
This is also helpful when the Enforce user group membership from Entra option is disabled, as it allows you to manually assign Entra users to user groups in addition to managing access through Entra security groups.
