# Microsoft Azure

{% hint style="warning" %}
**Note**: This guide outlines a reference configuration; specific steps may vary due to provider updates or your organization's security policies. Please share feedback if you encounter any discrepancies that prevent a successful setup.
{% endhint %}

## Set up Azure Blob Storage Integration

To enable Open Loyalty to export data directly to your Azure environment, you must create a Storage Account and a Container, and generate a SAS (Shared Access Signature) token that allows write access.

## Prerequisites

* A Microsoft Azure account with an active subscription.
* Permissions to create Resources and Storage Accounts.

## 1. Create the Storage Account

{% stepper %}
{% step %}
Log in to the **Azure Portal**.
{% endstep %}

{% step %}
In the search bar at the top, type **Storage accounts** and select it.
{% endstep %}

{% step %}
Click **+ Create**.
{% endstep %}

{% step %}
Fill in the **Project details** and **Instance details**:

* **Subscription**: Select your subscription (e.g., "Pay-As-You-Go").
* **Resource group**: Select an existing group or click Create new (e.g., `rg-openloyalty`).
* **Storage account name**: Enter a globally unique name (lowercase only).
  * *Example:* `olstorageexport`
* **Region**: Choose the region closest to your operations.
* **Performance**: Standard.
* **Redundancy**: Locally-redundant storage (LRS) is sufficient.
{% endstep %}

{% step %}
Click **Review + Create**, then click **Create**.

{% hint style="info" %}
Note: Deployment may take approximately 20 seconds.
{% endhint %}
{% endstep %}
{% endstepper %}

## 2. Create a Blob Container

{% stepper %}
{% step %}
Once the deployment is complete, go to your new **Storage account**.
{% endstep %}

{% step %}
In the left sidebar, under **Data storage**, click **Containers**.
{% endstep %}

{% step %}
Click **+ Container**.
{% endstep %}

{% step %}
Configure the container:

* **Name**: Enter a name (e.g., `open-loyalty-exports`).
* **Public access level**: Set to Private (no anonymous access).
{% endstep %}

{% step %}
Click **Create**.
{% endstep %}
{% endstepper %}

## 3. Generate a SAS Token

You must generate a SAS token specifically for the Container (not the whole storage account) to ensure the correct permissions.

{% stepper %}
{% step %}
Inside your Storage account menu, navigate to **Data storage → Containers**.
{% endstep %}

{% step %}
Click on the container you just created (e.g., `open-loyalty-exports`).
{% endstep %}

{% step %}
In the container menu, click **Shared access tokens**.

{% hint style="danger" %}
**Important**: Ensure you are in the *Container's* "Shared access tokens" menu, not the Storage Account's menu.
{% endhint %}
{% endstep %}

{% step %}
**Permissions**: Check only the following boxes:

* **Write**
* **Add**
* **Create**
* *(Do not check Read or Delete unless specifically required for your internal auditing).*
{% endstep %}

{% step %}
**Start and expiry date/time:**

* **Start time**: Set to "Now" (or 5 minutes in the past to avoid clock skew issues).
* **Expiry date**: Set this to a date far in the future (e.g., 1 year or more).

{% hint style="warning" %}
**Note**: If the SAS token expires, data exports will fail immediately until a new token is generated and updated in Open Loyalty.
{% endhint %}
{% endstep %}

{% step %}
Click **Generate SAS token and URL**.
{% endstep %}
{% endstepper %}
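
The URL produced in the last step can be checked against the settings above before it is shared. The following is an added example, not part of Open Loyalty's or Azure's tooling: it parses the standard SAS query parameters (`sp`, `sr`, `st`, `se`, `sig`, plus `ss`/`srt`, which only appear on account-level tokens). The sample URLs, the `warn_days` threshold and the placeholder signature are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

WANTED = set("acw")  # Add, Create, Write: the boxes ticked in section 3

def _when(value):
    """Parse a SAS st/se timestamp (ISO 8601, UTC) into an aware datetime."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def check_sas_url(url, container, now=None, warn_days=30):
    """Return a list of findings; an empty list means the URL matches the guide."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https":
        findings.append("URL scheme is not https")
    if parts.path.strip("/") != container:
        findings.append(f"path does not point at container '{container}'")
    if "ss" in q or "srt" in q:
        findings.append("account-level SAS (ss/srt present), not a container SAS")
    elif q.get("sr") != "c":
        findings.append(f"sr={q.get('sr')!r}, expected 'c' (container)")
    perms = set(q.get("sp", ""))
    if perms - WANTED:
        findings.append("extra permissions: " + "".join(sorted(perms - WANTED)))
    if WANTED - perms:
        findings.append("missing permissions: " + "".join(sorted(WANTED - perms)))
    if "st" in q and _when(q["st"]) > now:
        findings.append("start time is in the future")
    if "se" not in q:
        findings.append("no expiry (se) parameter")
    elif _when(q["se"]) <= now:
        findings.append("token has expired")
    elif _when(q["se"]) - now < timedelta(days=warn_days):
        findings.append(f"token expires in under {warn_days} days")
    if "sig" not in q:
        findings.append("no signature (sig) parameter")
    return findings

# Constructed sample values; the signature is a placeholder, not a real token.
BASE = "https://olstorageexport.blob.core.windows.net/"
GOOD = (BASE + "open-loyalty-exports?sp=acw&st=2025-01-01T00:00:00Z"
        "&se=2026-01-01T00:00:00Z&sv=2022-11-02&sr=c&sig=PLACEHOLDER")
BAD = (BASE + "?sv=2022-11-02&ss=b&srt=sco&sp=rwdlac"
       "&se=2025-02-01T00:00:00Z&sig=PLACEHOLDER")

if __name__ == "__main__":
    fixed_now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for name, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_sas_url(url, "open-loyalty-exports", fixed_now))
```

Running the same check on a schedule with the stored URL gives advance notice of the expiry that would otherwise stop exports.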

## 4. Submit Configuration to Open Loyalty

Azure will generate a **Blob SAS URL** and a **SAS Token**. You must share the **Blob SAS URL** with the Open Loyalty team. The URL includes the SAS token, which starts with `?sv=...`.

{% hint style="danger" %}
**Do not send** the credentials directly via email.
{% endhint %}

{% stepper %}
{% step %}
Copy the **Blob SAS URL** from the Azure portal.
{% endstep %}

{% step %}
Upload the `.json` file (or paste its contents) to a secure file exchange platform (e.g., Bitwarden Send, Proton Drive, or 1Password).
{% endstep %}

{% step %}
Generate a secure link.
{% endstep %}

{% step %}
Send the secure link to the Open Loyalty team along with the **Name of the Blob Container**.
{% endstep %}
{% endstepper %}
