# Connecting with Azure storage

To connect your Azure storage with Mindkosh and add data, you first need to add your Azure credentials.

{% hint style="warning" %}
When connecting your own Cloud service account with Mindkosh, please note that data egress charges may be applicable on your Cloud storage account. Please check with your cloud provider for more details. 
{% endhint %}

### Creating credentials for Azure

The recommended method to connect your storage with Mindkosh is through the use of *Azure Active Directory* (also called *Azure Entra ID*). To create credentials you need to do the following:

1. Create a resource group if you don't already have one.  [Follow the steps outline here](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal).
2. Create a storage account, if you don't already have one. [You can follow the steps here.](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview)
3. Create a storage container, where your data will be stored. [Follow the steps here](https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-portal).
4. Create a service user via  Azure active directory by registering a new app. [Here is a guide to doing this](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app).
   1. Once the app is registered, you can create credentials to access it. We need the following tokens to access your storage data, so please keep them handy for the next steps.
      1. client-id
      2. client-secret
      3. tenant-id\ <br>

         <div data-full-width="true"><figure><img src="https://4219847035-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaFKXVbOeJ2H3b8HBGVBG%2Fuploads%2FH3HnaOj7m1LeqpQ5jQlt%2Fadding-azure-credentials-to-mindkosh.jpg?alt=media&#x26;token=86f20767-84ed-47fc-9f24-6724cecca4d6" alt=""><figcaption></figcaption></figure></div>
5. Assign role based access policy for the user which includes access to relevant buckets. You can learn more about various ways in which you [can do this here](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=delegate-condition). For example, if you want to grant access at the container level:
   1. Go to the storage container
   2. Go to the IAM section from left sidebar
   3. Click on Add role assignment
   4. Add the role *Storage Blob Data Reader* and the application created above

### Setting CORS

In order to enable the browser to directly fetch the files from your cloud storage, you will need to set the right CORS policy on the bucket, so the browser does not block loading the files. Here is how you can do it for a container on Azure.

<figure><img src="https://4219847035-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaFKXVbOeJ2H3b8HBGVBG%2Fuploads%2FdDWGdQRW2hLuMQQr9Tpt%2Fmindkosh-setting%20cors-azure.jpg?alt=media&#x26;token=be63ed4e-178e-47b2-9b2c-2b1423c19ac8" alt=""><figcaption></figcaption></figure>

1. Go to the container page
2. Go to the CORS page in the Settings section in the left sidebar
3. Set the following values
   1. Allowed origins : `app.mindkosh.com`
   2. Allowed methods: `GET`
   3. Allowed headers: `*`
   4. Exposed headers: `content-length`
   5. Max-age: `120`

## Add credentials to Mindkosh

{% hint style="danger" %}
Only organization admins can add cloud storage credentials on Mindkosh&#x20;
{% endhint %}

With the permissions setup, we are now ready to add the credentials to Mindkosh. To add cloud storage credentials, go to the Organization page from the left sidebar on Mindkosh.&#x20;

<figure><img src="https://4219847035-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaFKXVbOeJ2H3b8HBGVBG%2Fuploads%2F7NigpzmfdEMsIqUnmOHo%2Fimage.png?alt=media&#x26;token=30c4ea19-bb9b-40e9-831e-09b3d5b8d6bc" alt=""><figcaption></figcaption></figure>

Click on the Manage Keys button in the MS Azure section, and enter the following keys in the appropriate boxes:

1. `client-id`
2. `client-secret`
3. `tenant-id`&#x20;

Once the credentials are setup, you can create a dataset to add data from your storage. [Checkout the steps mentioned here to do this.](https://docs.mindkosh.com/management/uploading-data#adding-data-from-ms-azure)