Connecting Cloud Storage: Azure Blob Storage #
Kolena connects with Azure Blob Storage to load files (e.g. images, videos, documents) directly into your browser for visualization. In this tutorial, we'll learn how to establish an integration between Kolena and Azure Blob Storage.
To get started, ensure you have administrator access within Kolena. Navigate to the "Integrations" tab on the Organization Settings page and click "Add Integration", then "Azure Blob Storage".
Step 1: Create Azure App Registration for Kolena#
Azure Blob Storage integrations load resources using shared access signatures. Kolena generates these signatures using delegated access to these resources. We will generate an App registration for Kolena in Azure and then assign roles to this registration:
- From the Azure portal, search for "App registrations" and navigate to this page
- Click "New Registration"
- Under "Supported account types", select "Accounts in any organizational directory"
- Click "Register" to save the App registration
- Click on the App registration you have created
- Note the "Tenant ID" and "Application (client) ID"
- Click "Certificates & secrets", then "New client secret"
- Click "Add" to save this secret and note the key value
Step 2: Assign Roles to App Registration#
We will assign two roles to the App registration created above:
- Storage Blob Delegator at the storage account level
- Storage Blob Data Reader at the container level
Assign Storage Blob Delegator Role#
- Navigate to the storage account containing your blobs
- Click "Access Control (IAM)"
- Click the "Role assignments" tab
- Click "Add", then "Add role assignment"
- Search for and select "Storage Blob Delegator"
- Click on the "Members" tab, then click "Select members"
- Search for the App registration created in step 1
- Click "Select"
- Click "Review + assign" to save
Assign Storage Blob Data Reader role#
- From the storage account, click "Containers" under "Data Storage" and click on the container containing your blobs
- Click "Access Control (IAM)"
- Click the "Role assignments" tab
- Click "Add", then "Add role assignment"
- Search for and select "Storage Blob Data Reader"
- Click on the "Members" tab, then click "Select members"
- Search for the App registration created in step 1
- Click "Select"
- Click "Review + assign" to save
Step 3: Save Integration in Kolena#
Return to Kolena and fill in the fields for the Integration and then click "Save".
| Field | Description |
|---|---|
| Tenant ID | The Tenant ID of the App registration created in step 1 |
| Client ID | The Application (client) ID of the App registration created in step 1 |
| Client Secret | The secret key for the App registration created in step 1 |
| Storage Account Name | The storage account in Azure you wish to connect to |
| Storage Blob EndpointURL | The endpoint for accessing the storage account. Can be found in "Endpoints" under "Settings" for your storage account. Usually of the form https://<storage-account-name>.blob.core.windows.net |
Appendix#
Provide CORS access to Kolena#
In some scenarios, CORS permissions are required for Kolena to render content from your bucket.
To configure CORS access, navigate to your storage account in the Azure portal and follow these steps:
- Click "Resource Sharing (CORS)" under "Settings"
- Add
https://app.kolena.comandhttps://app.kolena.ioas allowed origins withGETas an allowed method