Skip to main content
Select Actions to adjust the guide
Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.
Action
Scope(s)
Loading actions…
Dynamic Guide URL
Scopes Selected
Separator
You must have at least Application Developer permissions in Microsoft Entra ID to register applications. An administrator must grant consent for the required Azure Storage API permissions.

Register your application in Microsoft Entra ID

Register an application in Microsoft Entra ID to obtain OAuth 2.0 credentials for StackOne.

1

Sign in to Microsoft Entra admin center

Sign in to your Microsoft Entra admin center as at least an Application Developer.

  • If you have access to multiple tenants, click the Settings (gear) icon in the top-right corner, then select the desired tenant from the list under Directory + subscription.
  • Navigate to Identity > Applications > App registrations.
2

Create a new app registration

Click New registration and complete the form.

  • Name: StackOne Azure Blob Storage Integration
  • Select Accounts in this organizational directory only (single tenant).
  • Click Register.
3

Copy the application (client) ID

From the app’s Overview page, copy the Application (client) ID and Directory (tenant) ID and store them securely for use later.

Configure the redirect URI

Register the OAuth 2.0 callback URL so Microsoft Entra can return the authorization code to StackOne.

1

Add the redirect URI

Navigate to Authentication under Manage.

  • Click Add a platform and select Web.
  • Enter the redirect URI: https://api.stackone.com/connect/oauth2/azureblobstorage/callback
  • Click Configure.

Configure API permissions

Grant the Azure Storage delegated permission and admin consent for your application.

1

Add Azure Storage permissions

Enables actions: Abort Copy Blob, Copy Blob, Create Blob Snapshot, Create Container, Delete Blob, Delete Container, Download Blob, Find Blobs By Tags, Get Blob Metadata, Get Blob Properties, Get Blob Service Properties, Get Blob Tags, Get Container ACL, Get Container Metadata, Get Container Properties, List Blobs, List Containers, Set Blob Metadata, Set Blob Properties, Set Blob Service Properties, Set Blob Tags, Set Blob Tier, Set Container ACL, Set Container Metadata, Undelete Blob, Upload Blob

Navigate to API permissions under Manage.

  • Click Add a permission.
  • Select Azure Storage from the list.
  • Choose Delegated permissions.
  • Select user_impersonation to allow access as the signed-in user.
  • Click Add permissions.
2

Grant admin consent

Click Grant admin consent for [tenant name] and confirm to enable the permission for all users.

Assign Azure RBAC roles on the storage account

Entra ID authenticates the user, but Azure Storage authorizes operations via Azure RBAC roles assigned on the storage account. Assign the role that matches the operations StackOne will perform.

1

Assign Storage Blob Data Contributor

Grants read, write, and delete on blobs and containers — required for most StackOne actions.

  • Open the storage account in the Azure portal.
  • Select Access Control (IAM) in the left sidebar.
  • Click Add > Add role assignment.
  • Search for and select Storage Blob Data Contributor, then click Next.
  • Under Members, select User, group, or service principal and click Select members.
  • Search for the OAuth user who will connect StackOne and click Select.
  • Click Review + assign.
2

Assign Storage Blob Data Owner (optional)

Required only if StackOne will use blob tag actions (Get Blob Tags, Set Blob Tags, Find Blobs By Tags). This role is a superset of Storage Blob Data Contributor.

  • Repeat the steps above and select Storage Blob Data Owner instead.

Create a client secret

Generate a secret that StackOne will use to authenticate the app registration against Microsoft Entra.

1

Generate the secret

Navigate to Certificates & secrets under Manage.

  • Click New client secret.
  • Description: StackOne Integration
  • Select an expiration period.
  • Click Add.
  • Copy the secret Value immediately and store it securely for use later — it is only displayed once.

Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for Azure Blob Storage:
1

Navigate to Connector Profiles

Login to StackOne and navigate to Connector Profiles
2

Create New Connector Profile

  • Click + Connector Profile
  • Search for and select Azure Blob Storage
  • Select Type as OAuth 2.0 (Entra ID)
  • Fill out the fields using details retrieved from your provider:
    • Tenant ID
    • Client ID
    • Client Secret
    • Scopes (Optional)
  • (Optional) Select Actions to be enabled for this Connector Profile
  • Click Create profile
Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to Link Accounts for Azure Blob Storage.