Microsoft Azure Blob Storage

Who can use this feature?
- Available with Data Direct.
- Requires an admin or architect role to configure. 

Introduction

Microsoft Azure Blob Storage is an object storage service offering industry-leading scalability, data availability, security, and performance. With our Data Direct integration, you can sync Fullstory's structured, behavioral event data directly to Azure Blob Storage so it can be ingested into Azure Data Factory or other pipelines.

 

Enabling the Azure Blob Storage integration

Manual Configuration

Notes:
- Fullstory should only be granted access to read/write the data that we will be managing as part of this sync.

Blob Storage Setup Instructions

Step 1: Create a Storage Account

You can create a new Storage Account by navigating to Storage Accounts.

  1. Select Create.
  2. Name your subscription and select instance details depending on your preferences.

Step 2: Create a Blob Storage container

  1. Navigate to Data Storage > Containers.
  2. Click Add Container.
  3. Choose the desired name. This will act as the top-level directory for Fullstory Blob Storage syncs.

Setup Roles and Policies

Fullstory uses Azure Federated Identity Credentials on Azure Managed Identities to provide authentication for our Google Service Accounts to upload data securely. These roles should not be permitted to access any other data. The following instructions assume a subscription to an Azure Storage Account.

Fullstory’s services will use these federated credentials to assume the roles with Fullstory service account IDs listed below.

  1. Navigate to Managed Identities and select create.
    1. Use an existing Resource Group or create new as desired
    2. Ensure roles are set for either owner or contributor of the managed identity.
  2. Configure federated credential on your managed identity. Use either the Azure Portal or the Azure Command-Line Interface (AZ CLI) to create federated-credential using the following Fullstory service account IDs:

For North American customers:

116984388253902328461

For European customers:

107589159240321051166
    1. Option 1 (Azure Portal):
      1. Navigate to Managed Identities.
      2. Add a Role Assignment
        1. Select the desired identity and click Add Role Assignment.
        2. Select Storage scope.
        3. Select the resource of the Storage Account (corresponding to the Storage Container created in Blob Storage Setup Instructions above).
        4. Set Role as Storage Blob Data Contributor.
      3. Create federated credential on the managed identity to allow Fullstory’s GCP services to authenticate blob storage syncs.
        1. Click Settings > Federated credentials.
        2. Click Add Federated Credential.
        3. Click "Other" for Federated credential scenario.
        4. Set Issuer URL as https://accounts.google.com.
        5. Set Subject identifier as the Fullstory service account ID for the desired environment listed above.
        6. Keep Audence as api://AzureADTokenExchange and provide a name for the credential.
        7. Click Add.
    2. Option 2 (Azure Command-Line Interface):
      1. Install the Azure CLI.
      2. Run federated-credential creation using Fullstory’s service account IDs from above.
      3. az identity federated-credential create --name myIdentityCredentialName --identity-name myIdentityName --resource-group myResourceGroup --issuer https://accounts.google.com --subject <Unique ID for Google service account> --audience api://AzureADTokenExchange

Setting a network exception (optional)

In some cases, Azure Storage Accounts are only enabled from selected virtual networks and IP addresses. To allow-list Fullstory to connect to the provided Azure instance, the CIDR block for the IP addresses can be used:

  • NA: 8.35.195.0/29
  • EU: 34.89.210.80/29

To create the network policy and apply it to the Fullstory Azure user, follow these instructions:

  1. Navigate to your Storage Account.
  2. Click on Security + Networking > Networking.
  3. Under Firewall > Address Range, add the CIDR block from the list above.

 

Enabling the Azure Blob Storage Integration in Fullstory

Now that all of the resources have been created, all that is left is to provide Fullstory with the correct identifiers to make a secure connection to load data.

  1. In Fullstory, navigate to Settings > Integrations > Destinations.
  2. Click Install next to the Azure Blob Storage OptionScreenshot 2024-09-30 at 10.04.33 AM.png
  3. Using the values recorded in the previous steps, fill in the form.Screenshot 2024-09-30 at 10.06.05 AM.png
  4. Click Save.

After saving, data will flow into your storage container path within an hour.

 

FAQ

Can you set up more than one data destination in your account?
Yes. Repeat setup steps for different destinations as needed. 


Was this article helpful?

Got Questions?

Get in touch with a Fullstory rep, ask the community or check out our developer documentation.