Azure Blob Storage
Ingests blobs from one or more Azure Storage containers. The blob hierarchy is preserved as a folder tree in the workspace.
variant=info text="Cloud storage" variant=secondary text="SAS URL"
What gets ingested
| Element | Mapped to |
|---|---|
| Blob | _FileEntry + _Blob |
Container + virtual folders (/-separated names) |
_Folder hierarchy via _HasChild |
| Blob properties (size, content-type, last-modified) | Properties on _FileEntry |
| Blob content | _Blob — text/OCR extraction in the background |
Authentication
- Type: Shared Access Signature (SAS) URL with at least List and Read permissions.
- The connector validates the SAS scope on save and refuses to start if write or delete is granted (least-privilege).
Access control mapping
| Source | Carried into the graph? |
|---|---|
| Azure RBAC on the container | No — not enumerated by the connector. |
| Public-anonymous containers | Yes — public blobs are mapped to _AccessGroup.Public. |
| Configured workspace permissions | Yes — PermissionsSetting from the integration form is applied to every ingested file. |
flowchart LR
SAS[(SAS URL)] -->|sign blob requests| C[Connector]
C -->|ListBlobs| Container[(Azure container)]
Container --> C
C -->|_FileEntry + _Blob + _Folder| G[(Graph)]
PSet[PermissionsSetting] -.->|admin-configured| AG[Access groups]
AG --> G
Sync cadence
- Default cron:
0 23 * * *(daily at 23:00 UTC). - Incremental sync: size and last-modified change detection — unchanged blobs are skipped.
Notable
- The connector creates the folder hierarchy on demand from the blob name — no need for an explicit container "directory" concept.
- Public-access containers can be ingested without any SAS — leave the credential blank.