Azure Active Directory documentation: API guide, Authentication
Before you begin, verify that you have set up an OAuth 2.0 connection to Azure. You must register the app to retrieve your client ID, tenant ID, and client secret. Use the following steps to register your app in Azure:
- Log in to the Azure portal.
- Click Add > App registration.
- Name the app and click Register at the bottom of the page.
- Click API Permissions in the left navigation menu.
- Click Add a permission.
- Click Azure Storage on the Request API permissions page.
- Check the user_impersonation checkbox in the Permissions section at the bottom of the page, and click Add permissions.
- Click App roles in the left navigation menu, then click Create app role.
- Create a new app role named Storage Blob Data Contributor (or select it if it has already been created). Verify that the app role has Applications selected in the Allowed member types section, and a Value of Task.Write.
- If you encounter an authorization permission mismatch, add the Storage Queue Data Contributor permission.
- When setting permissions, the Contributor permission is required, but if you only want read access, you can check the Leave files on server checkbox on the export. This connector does not support files with filenames that contain a forward slash (/) or a backslash (\), and only supports the first 5000 files in the Container.
A. Set up an Azure Blob Storage connection
Start establishing a connection to Azure Blob Storage in either of the following ways:
- From the Resources menu, select Connections. Then, click + Create connection at the top right.
– or –
- While working in a new or existing integration, you can add an application to a flow by clicking a source or destination. In the resulting Application list, select Azure Blob Storage.
B. Describe the Azure Blob Storage connection
Edit the General settings specific to your account and this connection resource.
Name (required): Provide a clear and distinguishable name. Throughout integrator.io imports and exports, you will have the option to choose this new connection, and a unique identifier will prove helpful later when selecting among a list of connections that you’ve created.
Application (required, non-editable): A reminder of the app you’re editing.
C. Supply required Azure Blob Storage account information
At this point, you’re presented with a series of options for providing Azure Blob Storage authentication.
Storage account name (required): Enter the name of the Azure storage account which contains the data you want to access with this connection.
Tenant ID (required): Specify the tenant ID that identifies the Entra ID tenant used for authentication. Log in to Microsoft Azure, open the Overview page for the app you created, and use the value displayed in the Directory (tenant) ID field.
iClient (required): Select the iClient pair that stores the client ID and client secret provided to you by Microsoft Azure. To add an iClient and configure your credentials, click the plus (+) button. Click the edit button to modify a selected iClient. Be sure to give the iClient a recognizable name for use in any other connections.
Comments
Hi Tom,
I'm receiving the authorization permission mismatch when I try to pull a file from the blob. Can you clarify where Storage Queue Data Contributor permission needs to be set? Is this a role on the newly created Celigo Azure App? If so, what should the value be set to?
Hi Josh Turner,
You can find instructions on setting permissions at this link.
Best Regards,
Hi Rohit Prasad,
On the Storage Side, I've given both the user (that is signing in through the Celigo Blob Connection) and the App itself Storage Blob Data Contributor and Storage Queue Data Contributor roles. On the App Registration, I have 2 roles called Storage Queue Data Contributor (Value: Task.Read) and another called Storage Blob Data Contributor (Value: Task.Write). I do have a support case opened with Celigo as well regarding this.
Hi Rohit Prasad,
The Storage Queue Data Contributor role is just an example in the Microsoft documentation; it has no relevance and cannot be applied to a blob storage container.