Adding Blob storage in eShare
This Document will provide the admin with a step-by-step guide to create a Blob storage account, add it in eShare web portal and create a sharing policy for this Blob storage.
Creating the Blob Storage Account
To add a blob storage account in eShare we will first need to create one in Azure.
- In the Azure Portal, go to All services > the Storage category > Storage accounts.
- Under Storage accounts, select Add.
- In the Subscription field, select the subscription in which to create the storage account.
- In the Resource group field, select an existing resource group or select Create new, and enter a name for the new resource group.
- In the Storage account name field, enter the name for the account. Note the following guidelines:
- The name must be unique across Azure.
- The name must be between three and 24 characters long.
- The name can include only numbers and lowercase letters.
- In the Location field, select a location for the storage account, or use the default location.
6. Click Next for all other options, leaving them as default, and then select Create.
Creating Mail-enabled security group
Once we have created our Blob storage, we will need to create a Mail-enabled Security group to access it.
- As an Organization Administrator log in to MS 365 admin center and navigate to Teams & Groups>Active teams & groups>Security Groups>Add mail-enabled security group.
- Type the name of the Mail-enabled Security group and select Next.
3. Assign the owners to manage the group and then select Next.
4. Add members that can access the group.
5. Create a group email address and then select Next.
6. Create the group.
Creating a container
Once the Blob storage creation is complete, we will need to create a container for the data to land.
- Navigate to the newly created Blob storage and create a container.
Adding Blob storage in Cloud Web Portal
Once we have created our Blob storage, we will need to add it in eShare’s CWP (Cloud Web Portal) so we can begin utilizing the new storage account.
- As an Organization Administrator log in to CWP and navigate to Admin Console tab.
- Navigate to Azure Blob Settings and select Add Blob Storage,
3. Here you will need to add the information for the Blob storage account we created earlier in Azure.
-
- The Name* field is the name the storage account will have in eShare.
- The Account name* is the name you assigned to your Blob storage during its creation in Azure
- The Account key* required for the Blob Storage, is located in Azure under Security + networking > Access Keys.
4. Once you have verified all the fields are populated correctly go ahead and click save account.
The new blob storage should appear in the list and be ready for use.
In the case of having multiple blob storage accounts and a different account is in use already, you will need to disable the account in use by selecting it and clicking the disable button.
Note: Only ONE Azure Blob storage account can be active at any time.
Also if you want to use the Share-With-Me link functionality you will need to enable it by going to Azure Blob Settings>Select the Blob Storage account>Click on Enable SWM.
Adding the user group to access the Blob storage.
Once we have added our Blob storage in CWP, we will need to add the user group that we want to have access to the Blob storage.
- As an Organization Administrator log in to CWP and navigate to Admin Console tab.
- Navigate to Azure AD User Group and select Add Group.
- Select Add Group>Search Org for Groups>Type the name of the group>Select Cloud Provider – Blob>Add Group
Creating a sharing policy for the Azure Blob
Organization’s administrator will need to set a sharing policy that will be used with the new endpoint. They can set the options that would like to use for the TS, e.g. download, view, login and/or pin required and expiration. An Azure icon denotes that this policy will be used as the blob policy.
Depending on the needs, the options can be set accordingly. Download or view options and expiration duration are mandatory. This type of shares does not support the upload, delete and secure conversation options.
Enabling MFA access (through OTP) option
If you set up the policy to require OTP, then you should also enable the “Require login and/or one-time password”
By enabling this option, you must provide each recipients a telephone number in international format, e.g., +30697xxxxxxxxxx or an email that the OneTimePassword will be delivered to. The email can be different from the one the TS notification will be delivered to.
Assigning the Blob policy to the newly added group.
- As an Organization Administrator log in to CWP and navigate to Admin Console tab.
- Navigate to Azure AD User Group, select the group, under Actions click on the 3-dot menu and select Assign Sharing Policy.
3. Select the Blob Sharing Policy and click on Save.