Azure Blob Storage

Using your own Blob Storage Container for Datasaur projects

File Key

This attribute will be used when you create a project to tell Datasaur which file should be used. You can get it by using the Blob URL. See the example below.

Blob URL: https://container-name.blob.core.windows.net/storage-account/some-folder/image.jpeg
File key: some-folder/image.jpeg

Setup

By integrating your bucket into Datasaur, you would be able to create projects using your Blob Storage Container as the source for the project files.

1. Configure the Azure Blob Storage integration in Datasaur Team Settings

Open any team Workspace (not your individual one), then go to Settings > Integrations which accessible from the sidebar.
Click on the add button which will show the form and select Azure Blob Storage.
Follow the explanations below for getting both the Tenant ID and Storage Container URL. Datasaur needs both values to make the appropriate request to your preferred storage.
Do not close this form throughout the process. We will get back to it in a moment.

2. Getting the Tenant ID

Go to your Azure Entra ID from the Azure portal.
Under the Overview tab, copy the Tenant ID attribute.

3. Getting the Storage Container URL

Go to the Storage Account page from the Azure portal.
Create or select a Storage Account.
From the sidebar, click on Data Storage > Containers menu, then create or select a Blob Storage Container.
Under the Settings section, click on Properties, then copy the URL.

4. Add Datasaur to Azure tenant

You must have at least the Privileged Role Administrator to grant consent to App Registrations for delegated access.

If it's the first time you integrate Azure Blob Storage on Datasaur, click the Add Datasaur to Azure tenant button to grant consent for Datasaur's App Registration to your tenant. If you already do this before, you can skip this step.
Continue the process on a new tab and authorize the Datasaur app. Note that you need Admin permission to do this.

5. Configure CORS

Go to your Storage Account on the Azure portal, find the Settings section on the sidebar, then click Resource sharing (CORS).
Add a new entry with the following fields so that Datasaur app is allowed to access your resource:
1. Allowed origins: https://app.datasaur.ai
2. Allowed methods: GET, POST, PUT, DELETE
3. Allowed headers: *
[Optional, depending on your situation] If you have security settings that restrict access for your Storage Account, you need to add Datasaur's IP address to the firewall whitelist.
1. Go to your Storage Account on the Azure portal, then find the Networking section under Security + Networking.
2. Select Enabled from selected virtual networks and IP addresses for the Public network access setting.
3. In the firewall settings, add the following IP address: 107.22.228.65
4. Save the settings.

6. Grant role assignments to Datasaur's Service Principal

Still in the Storage Account, find Access Control (IAM) on the sidebar.
Click on Add > Add role assignment.
Select Storage Blob Data Contributor, then click Next.
In Assign access to, click on User, group, or service principal, then click select members.
Search for datasaur-object-storage-integrator (you cannot see the service principals from the list, you must search for them), then add it. This step will not be available if you haven't added Datasaur to your Azure tenant above.
Click Next, then Next again on Conditions.
Click on Review + assign.

7. Finish the integration form

Go back to the Datasaur app, where the fields are already filled on the previous steps.
You can go ahead click the add storage button or check connection first. Note that add storage will automatically do the check connection in the background.

Now, Datasaur can access files from or export files into your Azure Blob Storage directly.

Last updated 5 months ago

Azure Blob Storage

Using your own Blob Storage Container for Datasaur projects

File Key

This attribute will be used when you create a project to tell Datasaur which file should be used. You can get it by using the Blob URL. See the example below.

Blob URL: https://container-name.blob.core.windows.net/storage-account/some-folder/image.jpeg
File key: some-folder/image.jpeg

Setup

By integrating your bucket into Datasaur, you would be able to create projects using your Blob Storage Container as the source for the project files.

1. Configure the Azure Blob Storage integration in Datasaur Team Settings

Open any team Workspace (not your individual one), then go to Settings > Integrations which accessible from the sidebar.
Click on the add button which will show the form and select Azure Blob Storage.
Follow the explanations below for getting both the Tenant ID and Storage Container URL. Datasaur needs both values to make the appropriate request to your preferred storage.
Do not close this form throughout the process. We will get back to it in a moment.

2. Getting the Tenant ID

Go to your Azure Entra ID from the Azure portal.
Under the Overview tab, copy the Tenant ID attribute.

3. Getting the Storage Container URL

Go to the Storage Account page from the Azure portal.
Create or select a Storage Account.
From the sidebar, click on Data Storage > Containers menu, then create or select a Blob Storage Container.
Under the Settings section, click on Properties, then copy the URL.

4. Add Datasaur to Azure tenant

You must have at least the Privileged Role Administrator to grant consent to App Registrations for delegated access.

If it's the first time you integrate Azure Blob Storage on Datasaur, click the Add Datasaur to Azure tenant button to grant consent for Datasaur's App Registration to your tenant. If you already do this before, you can skip this step.
Continue the process on a new tab and authorize the Datasaur app. Note that you need Admin permission to do this.

5. Configure CORS

Go to your Storage Account on the Azure portal, find the Settings section on the sidebar, then click Resource sharing (CORS).
Add a new entry with the following fields so that Datasaur app is allowed to access your resource:
1. Allowed origins: https://app.datasaur.ai
2. Allowed methods: GET, POST, PUT, DELETE
3. Allowed headers: *
[Optional, depending on your situation] If you have security settings that restrict access for your Storage Account, you need to add Datasaur's IP address to the firewall whitelist.
1. Go to your Storage Account on the Azure portal, then find the Networking section under Security + Networking.
2. Select Enabled from selected virtual networks and IP addresses for the Public network access setting.
3. In the firewall settings, add the following IP address: 107.22.228.65
4. Save the settings.

6. Grant role assignments to Datasaur's Service Principal

Still in the Storage Account, find Access Control (IAM) on the sidebar.
Click on Add > Add role assignment.
Select Storage Blob Data Contributor, then click Next.
In Assign access to, click on User, group, or service principal, then click select members.
Search for datasaur-object-storage-integrator (you cannot see the service principals from the list, you must search for them), then add it. This step will not be available if you haven't added Datasaur to your Azure tenant above.
Click Next, then Next again on Conditions.
Click on Review + assign.

7. Finish the integration form

Go back to the Datasaur app, where the fields are already filled on the previous steps.
You can go ahead click the add storage button or check connection first. Note that add storage will automatically do the check connection in the background.

Now, Datasaur can access files from or export files into your Azure Blob Storage directly.

Last updated 5 months ago