Azure Blob
The Azure Storage connector can access both Azure Blob Storage and Azure Data Lake Storage Gen2 because they share the same infrastructure. The key difference is whether Hierarchical Namespace (HNS) is enabled on the Storage Account.
- When HNS is enabled, the storage behaves like a Data Lake with true folder hierarchy, allowing you to validate if folders exist and maintain persistent folder structures.
- When HNS is disabled, the system treats folders as virtual paths within Blob Storage. This means that empty folders will not persist, and you cannot validate the existence of folders.
The same connector supports both configurations, automatically adapting to the Storage Account settings.
To create an Azure Blob endpoint, follow these steps:
- Click Organizations.
- Select an organization.
- Click Endpoints.
- Click Add Endpoint.
- In the Endpoint Name field, enter the name.
- Select Azure Blob from the Type drop-down.
- Select one of the following from the Auth Type list:
  - Connection String
  - Access Key
  - Shared Access Token
  - Azure M2M (Client Credentials)
  - External IDP M2M (Workload Identity Federation)
- Define the Container Name or Container URL depending on the Auth Type you select.
- Define the Connection String, Storage Account Name, or Shared Access Token depending on the Auth Type.
  To configure your external identity provider, refer to the External Identity Provider Authentication section.
- Enter a description for the endpoint.
- Click Save.
External Identity Provider Authentication
If you select the external identity provider authentication methods, Azure M2M (Client Credentials) or External IDP M2M (Workload Identity Federation), you must configure the following settings:
- Azure M2M (Client Credentials)
  - Azure Tenant ID
  - Azure Client ID
  - Azure Client Secret
- External IDP M2M (Workload Identity Federation)
  - Azure Tenant ID
  - Azure Client ID
  - Token Endpoint URL
  - IDP Client ID
  - IDP Client Secret
  - IDP Scope
For more information, refer to Azure Blob - External Identity Provider Authentication.
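The sketch below is an added example, not code from this product. It shows how the two setting groups above map onto standard Microsoft Entra ID OAuth 2.0 client-credentials token requests, and why the federation option stores no Azure client secret. That the connector issues its requests in exactly this form is an assumption, and the dictionary keys, function names and sample values are hypothetical.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

STORAGE_SCOPE = "https://storage.azure.com/.default"  # Azure Storage audience
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

# Settings per auth type, as listed on this page (dict keys are hypothetical names).
REQUIRED = {
    "azure_m2m": ["tenant_id", "client_id", "client_secret"],
    "external_idp_m2m": ["tenant_id", "client_id", "token_endpoint_url",
                         "idp_client_id", "idp_client_secret", "idp_scope"],
}

def check_settings(auth_type, s):
    """Return a list of problems: missing fields or a non-HTTPS token endpoint."""
    problems = [f"missing {k}" for k in REQUIRED[auth_type] if not s.get(k)]
    url = s.get("token_endpoint_url")
    if url and urlsplit(url).scheme != "https":
        problems.append("token_endpoint_url must use https")
    return problems

def entra_url(tenant_id):
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"

def azure_m2m_request(s):
    """One request to Entra ID, authenticated with a stored Azure client secret."""
    return entra_url(s["tenant_id"]), urlencode({
        "grant_type": "client_credentials", "client_id": s["client_id"],
        "client_secret": s["client_secret"], "scope": STORAGE_SCOPE})

def idp_request(s):
    """Federation step 1: client credentials grant at the external IdP."""
    return s["token_endpoint_url"], urlencode({
        "grant_type": "client_credentials", "client_id": s["idp_client_id"],
        "client_secret": s["idp_client_secret"], "scope": s["idp_scope"]})

def federated_request(s, idp_jwt):
    """Federation step 2: the IdP-issued JWT replaces the Azure client secret."""
    if idp_jwt.count(".") != 2:
        raise ValueError("IdP token is not a compact JWT")
    return entra_url(s["tenant_id"]), urlencode({
        "grant_type": "client_credentials", "client_id": s["client_id"],
        "client_assertion_type": JWT_BEARER, "client_assertion": idp_jwt,
        "scope": STORAGE_SCOPE})

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    fed = {"tenant_id": "TENANT-ID", "client_id": "APP-ID",
           "token_endpoint_url": "https://idp.example.com/oauth2/token",
           "idp_client_id": "mft", "idp_client_secret": "s3cret", "idp_scope": "api://x/.default"}
    print(check_settings("external_idp_m2m", fed))
    print(parse_qs(federated_request(fed, "hdr.payload.sig")[1]))
```

With federation, the only long-lived secret is the IDP Client Secret held for the external provider; the Azure side trusts the short-lived token that provider issues.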
Using MFT's SaaS service for outbound connections might require the allowlisting of our IP addresses by the respective target endpoints. This proactive step ensures seamless and secure communication, allowing our service to reliably interact with designated external systems and deliver optimal performance.