Azure Delegated Access client request flow

Step 1: Get tenant ID and Container URL

Navigate to your Azure blob storage container that you want to use with Labelbox.

Navigate to Azure Active Directory, and select the desired tenant you want to use with Labelbox.

Copy Tenant ID from Azure Active Directory

Step 2: Create Azure integration in Labelbox

Navigate to Integration and create an Azure integration
Enter the details from Step 1
If it's a first-time setup, please follow instructions under "Attach roles" to add Labelbox to your Azure tenant

Screen Shot 2021-09-24 at 6.35.47 PM.png

Screen Shot 2021-09-24 at 3.42.47 PM.png

🚧
Azure can take few hours to create this service principal once you hit “Accept”.
If you are not sure about the creation, confirm by searching for the application using these steps

Step 3: Grant the permissions to Labelbox app

Now, you must assign roles to the Container and its parent Storage Account.

Permissions	Resource
Storage Blob Delegator	Parent Storage Account
Storage Blob Data Reader	Container

Storage Blob Delegator

Navigate to Access Control (IAM) page within your Storage Account. Note that this is the parent resource within which Containers exist.
Click "Add role assignment", Add Storage Blob Delegator and assign to Labelbox Delegated Access app.

Access Control (IAM) page for Storage Account

Storage Blob Data Reader

Navigate to Access Control (IAM) page within your Container.
Click "Add role assignment", Add Storage Blob Data Reader and assign to Labelbox Delegated Access app.

📘
RBAC changes can take upto 30 mins
If you are running into any issues such as the dataset not loading in Labelbox, it is likely that the permissions are not applied correctly. Any changes you make can take up to 30 mins to take into effect. Learn more.

Step 4: Validate the integration

Screen Shot 2021-09-24 at 5.02.37 PM.png

📘
Example Azure URL
Ensure that you are using Azure URLs when creating datasets. Read Azure docs to learn how to generate blob URL in a container.
https://labelboxdatasets.blob.core.windows.net/datasets/geospatial/001.jpg

Step 5: Ensure CORS Headers are set appropriately

Follow these steps to set the CORS Headers

Now proceed to generate JSON file containing Azure Blob Storage URIs.

Step 6. Upload data

Now that the connection is established, use the SDK to connect data to Labelbox. Use the recipe below to adding data from a container.

Azure Delegated Access

Open Recipe

Microsoft Azure Blob Storage

Step 1: Get tenant ID and Container URL

Step 2: Create Azure integration in Labelbox

🚧
Azure can take few hours to create this service principal once you hit “Accept”.

Step 3: Grant the permissions to Labelbox app

📘
RBAC changes can take upto 30 mins

Step 4: Validate the integration

📘
Example Azure URL

Step 5: Ensure CORS Headers are set appropriately

Step 6. Upload data

Step 1: Get tenant ID and Container URL

Step 2: Create Azure integration in Labelbox

🚧Azure can take few hours to create this service principal once you hit “Accept”.

Step 3: Grant the permissions to Labelbox app

📘RBAC changes can take upto 30 mins

Step 4: Validate the integration

📘Example Azure URL

Step 5: Ensure CORS Headers are set appropriately

Step 6. Upload data

🚧
Azure can take few hours to create this service principal once you hit “Accept”.

📘
RBAC changes can take upto 30 mins

📘
Example Azure URL