Overview
This method allows you to configure YakChat to deposit archived conversation data into your own Azure Storage Account. You will first need to create a Service Principal with a secret, optionally create a custom role, and then assign the Service Principal to the Storage Account.
Archiving To Azure Blob Storage Using Service Principal
Create the Service Principal and Secret
1. Navigate to the Azure Portal and search for Microsoft Entra ID.
2. From the overview, make a note of the Tenant ID; this will be used later.
3. On the left-hand menu, select App registrations under Manage and then select New Registration.
4. Enter a name for the registration (make a note of this; it will be used later), select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) under Supported Account Types and press Register.
5. From the overview for the newly created App registration, make a note of the Application (client) ID; this will be used later.
6. On the left-hand menu, select Certificates & secrets under Manage and then select Client secrets and New client secret.
7. Enter a description and expiry duration for the secret and press Add.
8. The newly created secret will be displayed in the Client secrets table. Make a note of the Value column now, as this will be used later and cannot be viewed again once you leave this screen.
Optional - Create a Custom Role
1. Navigate to the Azure Portal and search for either Subscriptions or Resource groups depending on the scope of the custom role.
2. Select the Subscription or Resource group linked to the Storage account that will be used to store the archive blob files.
3. On the left-hand menu, select Access control (IAM) and then select Add > Add custom role.
4. Enter a name for the role (make a note of this; it will be used later), optionally enter a description, and select Clone a role as the Baseline permissions, selecting Storage Blob Data Contributor as the Role to clone, and press Next.
5. On the permissions screen remove all Permissions except for:
| Description | Permission Type |
| --- | --- |
| Returns the result of writing a blob | DataAction |
6. Press Next until the Review + create screen is reached, confirm the details are all correct and press Create.
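Added example (not part of the original YakChat documentation): a Python check that a custom role exported as JSON grants only the blob-write DataAction kept in step 5, whose Azure operation name is Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write. It assumes the lower-camel-case field names (permissions, actions, dataActions) used in Azure CLI role definition output; the role names and both sample definitions are constructed for illustration.

```python
BLOBS = "Microsoft.Storage/storageAccounts/blobServices"
# The single permission step 5 keeps ("Returns the result of writing a blob").
ALLOWED_DATA_ACTIONS = {f"{BLOBS}/containers/blobs/write".lower()}

def audit_role(role: dict) -> list[str]:
    """Return findings for one role definition; an empty list means write-only."""
    findings, granted = [], set()
    for perm in role.get("permissions", []):
        # Control-plane Actions (container create/delete, delegation keys) are
        # not needed to write a blob into an existing container.
        findings += [f"unexpected Action: {a}" for a in perm.get("actions", [])]
        for data_action in perm.get("dataActions", []):
            granted.add(data_action.lower())
            if data_action.lower() not in ALLOWED_DATA_ACTIONS:
                # Also catches wildcards such as ".../blobs/*".
                findings.append(f"unexpected DataAction: {data_action}")
    findings += [f"missing DataAction: {m}"
                 for m in sorted(ALLOWED_DATA_ACTIONS - granted)]
    return findings

# Constructed sample: a clone of Storage Blob Data Contributor saved untrimmed.
UNTRIMMED = {
    "roleName": "yakchat-archive-untrimmed",  # hypothetical name
    "permissions": [{
        "actions": [f"{BLOBS}/containers/delete", f"{BLOBS}/containers/read",
                    f"{BLOBS}/containers/write",
                    f"{BLOBS}/generateUserDelegationKey/action"],
        "dataActions": [f"{BLOBS}/containers/blobs/delete",
                        f"{BLOBS}/containers/blobs/read",
                        f"{BLOBS}/containers/blobs/write",
                        f"{BLOBS}/containers/blobs/move/action",
                        f"{BLOBS}/containers/blobs/add/action"],
    }],
}
# Constructed sample: the same clone after step 5 of this procedure.
TRIMMED = {
    "roleName": "yakchat-archive-writer",  # hypothetical name
    "permissions": [{"actions": [],
                     "dataActions": [f"{BLOBS}/containers/blobs/write"]}],
}

if __name__ == "__main__":
    for role in (UNTRIMMED, TRIMMED):
        issues = audit_role(role)
        print(role["roleName"], "OK" if not issues else f"{len(issues)} finding(s)")
        for issue in issues:
            print("  -", issue)
```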
Assign the Service Principal to the Storage Account
1. Navigate to the Azure Portal and search for Storage accounts.
2. Select the Storage account that will be used to store the archive blob files and make a note of its name; this will be used later.
3. On the left-hand menu, select Access Control (IAM) and then select Add > Add role assignment.
4. Select a Role, either the built-in role Storage Blob Data Contributor or the Custom Role created in the previous optional step, and press Next.
5. Make sure the User, group or service principal option is selected for Assign access to, and then press Select members.
6. On the Select members flyout search for the name of the App Registration created earlier, select it and press Select.
7. Confirm that the role and member are correct and then press Review + assign, and then press Review + assign again on the confirmation page.
Data Required for the Archiving Configuration
The following details should have been collected throughout this process:
- Tenant ID
- Client ID
- Client Secret
- Storage Account Name
The name of an existing container in the storage account is also required.