For secure communication with your Azure Storage, Orbitvu utilizes the recommended approach of authenticating via an application Service Principal. By using Microsoft Entra credentials, we generate user delegation SAS tokens, providing an extra layer of security for your data.
To facilitate this secure connection, you are required to create the following resources in your Azure portal:
- An Application Registration along with a generated Client Secret.
- A Storage Account and a Container within it.
After setting up Azure access for Orbitvu, please provide the necessary storage information (for example, your storage account name) in the account settings section of your Orbitvu Cloud.
Application registration
1. In your Azure portal, go to Microsoft Entra ID, then App registrations, and select New registration.
2. Provide a name for the application (e.g., OrbitvuCloud) and click Register.
3. Make a note of the generated Application (client) ID.
4. Create a new Client secret (by clicking on Add a certificate or secret) for this application and record it. To minimize service disruptions, it is recommended to set a secret with a longer validity period.
Storage account
Next, you will need to create a Blob storage account and a container within it. To do this:
1. Navigate to Storage accounts in your Azure portal and click Create.
2. When configuring the storage account, ensure the default storage type is set to Blob storage.
Create container
1. Once the storage account is created, navigate into it and create a new Container (which will be used for your blob data).
Assign role
1. To grant the OrbitvuCloud application (the service principal you created earlier) the necessary permissions, go to Access Control (IAM) within your newly created storage account and click Add -> Add role assignment.
2. In the "Add role assignment" pane, select the Storage Blob Data Contributor role.
3. Click Next
4. For "Assign access to," choose User, group, or service principal. Then, select the OrbitvuCloud application (or the name you gave it) as the member.
5. Click Review + assign to create Role assignment
Configure Azure in Orbitvu Cloud
Visit your profile section in Orbitvu Cloud and then select External storage configuration
You need to provide some information regarding your Azure environment to Orbitvu Cloud. The information necessary is:
tenant_id
You can get the tenant ID from: Microsoft Entra ID -> Overview
application id
Visit App Registrations and select All applications tab. Application (client) ID is show in the second column.
Client secret
Visit App Registrations, select All applications tab -> OrbitvuCloud (or your name of the application) -> Manage -> Certificates & secrets
Storage account name
Visit Home -> Storage accounts and read your storage name
Container name
Visit Home -> Storage accounts, then select your storage account -> Data storage -> Containers, and read your container's name
