Configure an Azure Storage connection
Configure the Azure Storage connection to import documents from Azure Blob Storage into TotalAgility, process them, and export them back to the Azure Blob Storage. You can configure more than one integration. You can also store the access keys in a key vault.
-
Navigate to
.
The Azure Storage page appears.
-
Click
New.
The New Azure Storage configuration dialog box is displayed.
-
Enter an
ID for the Azure Storage connection. The system identifies the Azure Storage
connection with this ID.
You cannot edit the ID once the configuration is saved.
- In the Display name box, enter a name for the connection, such as MyStorage.
-
On the
Authorization type list, select one of the following authorization types and
configure.
-
Account access key (default): Azure provides two "Access Keys" that can be used to connect to the Storage Account. You can use either of these account access keys. It is important to safeguard the access keys, as they grant full control over the associated storage account and its data. You can also store the access keys in a key vault. The user provides the secret, and a process is executed to retrieve the actual key. You can regenerate the keys and deny access to anyone using the older key value. Configure the following details.
Storage account name Enter your Azure Storage account name.
Authentication Select either option.
-
Local: In the Account access key box, enter the primary or secondary access key.
-
External: In the Account access key secret box, enter the access key secret string (the secret value that is used to retrieve the access key from external storage).
-
-
Microsoft Entra authorization token: This type of authorization allows you to select an OAuth server which then returns an OAuth access token that can then be used to access the storage account. Configure the following details.
Storage account name Enter your Azure Storage account name.
OAuth server Select an OAuth server.
-
Shared access signature: This type of authorization provides more granular time-limited control over access permissions and can be scoped to individual containers, blobs, files, or queues within the storage account.
Configure the following details.
Authentication Select either option.
-
Local: In the Blob service SAS URL box, enter the SAS URL that provides temporary access to Azure Storage resources with limited permissions and time frame.
SAS URL is a secure way to grant access to resources without compromising the storage account key.
-
External: In the Blob service SAS URL secret box, enter the SAS URL secret string (the secret value that is used to retrieve the access key from external storage).
To configure the Azure storage connection in TotalAgility using Shared Access Signature (SAS) authorization, the following permissions are required for the SAS URL generated in Azure storage to function in TotalAgility:
-
Allowed services: Blob
-
Allowed resource types: Container and Object
-
Allowed permissions: Read, Write, Delete, and List.
-
-
-
Click
Test connection.
On a successful connection, "The Azure Storage configuration is successfully connected" message is displayed.
-
To save the configuration, click
Save.
The configuration is saved, and listed on the Azure Storage page.