Creating an Azure Blob Storage integration
To use remote files in projects, you must first create an integration. Then in each one of your projects, you can define a connector between the integration and the project.
- Only organization admins can manage remote integrations.
- Azure supports multiple data storage technologies. This integration uses Blob Storage only.
You can create an integration from Kili to Azure Blob Storage in two ways:
Adding Kili to your AAD
To perform this step, you must have the rights to an external enterprise application to the IAM. Your role in Azure must be Application administrator.
- Add Kili's application service principal to your tenant.
- Add Kili app by going to this URL:
https://login.microsoftonline.com/<AAD ID>/adminconsent?client_id=5734576c-64d1-49f9-8a12-e3e6bcc9909b
<AAD ID>
is your your tenant id.
Setting up the integration in Kili
-
Click on your name in the top-right corner of the Kili app interface, and then go to Organization Management > Integrations.
-
Click New.
-
Select
Microsoft Azure
. -
Fill in the following:
- Name: name of the integration that you are creating
- Azure Tenant Id: the tenant id of the storage account. You can get it from the Overview page of your Azure Active Directory.
- Azure Storage Url: Follow this pattern:
<STORAGE ACCOUNT>
is the name of the storage account for which you are creating the integration.CONTAINER NAME
is the name of the container for which you are creating the integration.
https://<STORAGE ACCOUNT>.blob.core.windows.net/<CONTAINER NAME>
-
Add Kili’s service principal as a Storage Blob Delegator in the storage account, and Storage Blob Data Reader in the container.
-
Add an entry to your storage account CORS rules, to allow Kili to directly read the signed urls in your bucket (refer to the example screenshot). The allowed origin is
https://cloud.kili-technology.com
and the allowed methods areGET
,HEAD
,OPTIONS
andPATCH
.
You are now ready to synchronize data with a project.
Using service credentials generated once
With this setup, each user has direct access to Azure storage directly from Kili's front-end application. We recommend using it if your Azure storage is not accessible from Kili's backend.
Setting up the integration in Kili
- Click on your name in the top-right corner of the Kili app interface, and then go to Organization Management > Integrations.
- Click New.
- Select
Microsoft Azure
. - Turn on the the Use service credentials instead of Kili's service account toggle.
- Fill in the following:
- Name: name of the integration that you are creating
- Azure SAS Token: the shared access token of the container. You can get it on the Shared Access Tokens page of your container. Under Permissions, select both
READ
andLIST
. - Azure Storage Url: Follow this pattern:
<STORAGE ACCOUNT>
is the name of the storage account for which you are creating the integration.CONTAINER NAME
is the name of the container for which you are creating the integration.
https://<STORAGE ACCOUNT>.blob.core.windows.net/<CONTAINER NAME>
You are now ready to synchronize data with a project.
Updated about 2 months ago