Skip to main content

Is it possible to use Microsoft app registration in Entra ID to connect to Azure BLOB (non-anonymous, for read+write)? I find information on using a key to connect to BLOB--but my IT policy doesn’t allow keys. I need to be able to connect to BLOB from FME Flow.

App registration with Entra ID works w/ connecting to Sharepoint. How about Azure BLOB?

It looks like it’s possible, but the documentation that I find (like this document for the AzureBlobStorageConnector) doesn’t elaborate much.

I want to create a workspace in FME Form that interacts w/ Azure BLOB storage (e.g., list files, maybe download a file, maybe upload a file) and publish that workspace to FME Flow. Use of a key isn’t permitted in my organization, but app registration in Microsoft Entra ID is.

The documentation on doing this sort of thing with Sharepoint is extensive. I’m not seeing something like that for Azure BLOB storage.


Hey @ivanwriter ,

From what I’ve gathered, it is possible to use Entra ID to connect to Azure BLOB Storage.

The minimum requirements are:

To use the Entra ID authorization, you will need to install Azure CLI . Once the CLI is installed, log in through the command prompt.

Next, in your workspace, under the AzureBlobStorageConnector parameters, select Default Azure Credential as the Credential Source, then fill in all the required fields (image attached). This should establish the connection.

Hope this helps!

Emma


Briefly, I got this done (on the FME Form side, not the FME Flow side yet) by:

  1. having my IT dept grant certain Azure BLOB permissions to a Microsoft Entra ID principal (app registration),
  2. in FME Form, creating a Web Connection via Microsoft Azure Storage Service Principal (safe.azurestorage) and plugging in tenant ID, client ID, and secret (from app registration), and,
  3. using the Web Connection in transformer (the Web Connection can theoretically be carried along for the ride to FME Flow, but haven’t gotten that far yet).

Reply