Azure Blob Storage configuration

Using V7's external Azure integration, you can keep your data stored within a private Azure Blob Storage storage account. Please note that Azure supports multiple data storage technologies (official list), but this integration uses Blob Storage only.
Check out the diagram here to see how this integrations works in general, and if you're ready to get started follow our step-by-step instructions to create the integration.


The Azure integration is available on V7's Business and Enterprise plans. You can find out more about what each plan includes on our pricing page.

Read / Write access


The V7 to Azure integration works only if you have a public endpoint.

To setup storage access, first we need to add V7's application service principal to your account. This can be done with CLI with a single command (the ID below is our darwin-storage multi-tenant application ID):

az ad sp create --id 95e63529-38cc-435c-b247-32a1d62f321d

After this is done, we need to add relevant roles for V7's darwin-storage service principal that is now available in your tenant:

  • Read via Storage Blob Data Reader
  • Write via Storage Blob Data Contributor (optional)

If you don't need Darwin to process images after they are uploaded (e.g. generate thumbnails, split video frames etc), then you can leave out the Write access via Storage Blob Data Contributor.


Payload Signing Permissions

The Storage Blob Data Reader and Storage Blob Data Contributor permissions at container level are sufficient to process and write thumbnails, hq and lq files but sometimes they are not sufficient to permit signing the payload needed to view these files in V7. In this case it is recommended to add the Storage Blob Delegator or Storage Blob Data Reader at storage level.

Note: Although this permissions is set at storage level, it can be limited to a single container.

If you have conditional access for your Azure storage account, you will need to whitelist the V7 Server IP addresses. If so, please get in touch with our Support team through V7 to get the list & discuss this further.

CORS access

When annotators are requesting images to annotate, they will load them directly from your storage account via a presigned url. However since that storage account sits on a different domain than a CORS header needs to be configured.

This can be configured via UI or with CLI:

az storage cors add --methods 'GET' --origins '' --allowed-headers '*' --services b --account-name {storage-account-name}
az storage cors add --methods 'PUT' --origins '' --allowed-headers '*' --services b --account-name {storage-account-name}


When this is all setup, please message [email protected] with the following details:

  • Storage account name
  • Tenant ID
  • Prefix: A folder in your container where thumbnails can be uploaded if needed. This must be in the format: 'container-name/folder-name'
  • Your team name

And we will turn on the external access for your team.


Additional Storage Integrations

If your subscription includes additional storage integrations then these can be added by going to your 'Settings' -> 'Storage' and adding the details above to a 'New Storage Integration'.

These can be added without speaking to our Support team although we encourage you to speak with us if you have any questions.


Item Registration

Remember when registering items to include both the path to the item as well as the container name in the key e.g. example_container/example_folder/example_file.jpeg



For frequently asked questions on Azure Blob Storage configurations, please refer to our FAQ page.

If you encounter any issues or have any questions feel free to contact us at [email protected]


Below is a step-by-step demo of how to set up Azure storage with V7.