
Authentication via Microsoft Entra ID for Azure Storage

The following article shows how to connect to the Azure Storage destination using Authentication via Microsoft Entra ID (formerly Azure Active Directory). The article leads you through the following process:

  1. Register a new app with your Entra ID tenant.
  2. Assign access rights for the new app in Azure Storage using the Storage Blob Data Contributor role.
  3. In Xtract Universal, connect to Azure Storage using the Microsoft Entra ID method.

App Registration

Follow the steps below to register a new app with your Entra ID tenant:

  1. Open the Azure portal and navigate to App Registrations.
  2. Click [New registration] to register a new app with your Entra ID tenant.
  3. Enter the name of the application.
  4. In the Redirect URI section, select Public client/native (mobile & desktop) and assign https://login.microsoftonline.com/common/oauth2/nativeclient as the redirect URI.
  5. Click [Register].
  6. Open the new application and navigate to API Permissions > Add a permission > Azure Storage.
  7. Click [Grant admin consent].

Access Rights in Azure Storage

Follow the steps below to assign access rights for the new Azure app in Azure Storage using the Storage Blob Data Contributor role:

  1. Open the Azure portal and navigate to Access Control (IAM).
  2. Click [Add role assignment].
  3. Select the Storage Blob Data Contributor role and click [Next].
  4. Click [+ Select members] and add the new Azure app created in App Registration to the members.
  5. Click [Next] to continue, then click [Review + assign] to assign the access rights.
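
To check the role assignment made in the steps above, the following added example (not part of the original article or of Xtract Universal) audits the JSON printed by `az role assignment list --all --assignee <client-id> -o json`. It reports whether the app holds Storage Blob Data Contributor on the intended storage account and lists any assignment that reaches further. The subscription ID, resource group and account name in the sample are constructed.

```python
import json
import re

ROLE = "Storage Blob Data Contributor"  # role named in the article

# Scope of one storage account, optionally narrowed to a single container.
ACCOUNT_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.Storage/storageAccounts/(?P<account>[^/]+)"
    r"(/blobServices/default/containers/[^/]+)?$",
    re.IGNORECASE,
)

def audit(assignments, account):
    """Return (granted, findings) for the role assignments of one app."""
    granted, findings = False, []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        m = ACCOUNT_SCOPE.match(scope)
        if m is None:
            # For example subscription or resource group scope, where the
            # role reaches every storage account underneath.
            findings.append(f"not scoped to a storage account: {role} at {scope}")
        elif m["account"].lower() != account.lower():
            findings.append(f"other account: {role} at {scope}")
        elif role == ROLE:
            granted = True
        else:
            findings.append(f"unexpected role: {role} at {scope}")
    return granted, findings

# Constructed sample of the CLI output (only the fields the audit reads).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"roleDefinitionName": ROLE,
     "scope": SUB + "/resourceGroups/rg-demo/providers/"
              "Microsoft.Storage/storageAccounts/xudemostore"},
    {"roleDefinitionName": ROLE,
     "scope": SUB + "/resourceGroups/rg-demo"},
])

if __name__ == "__main__":
    ok, problems = audit(json.loads(SAMPLE), "xudemostore")
    print("role granted on account:", ok)
    for p in problems:
        print("finding:", p)
```
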

Connect to Azure Storage

Follow the steps below to connect Xtract Universal to the Azure Storage destination using Authentication via Microsoft Entra ID:

  1. Open Xtract Universal and create a new Azure Storage destination or edit an existing destination.
  2. Select the connection type Azure active directory.
  3. Enter the name of your storage account.
  4. Copy and paste the Application (client) ID and the Directory (tenant) ID from the Azure app created in App Registration.
  5. Click [Connect]. The window "Azure OAuth 2.0" opens.
  6. When prompted, enter your Active Directory credentials and click [Accept].
  7. If the connection is successful, a "Connection successful" message is displayed in a pop-up window.

Last update: October 20, 2024
Written by: Bharath Gorapalli, Valerie Schipka