Overview

Pre-built tooling

Pre-built integrations

Access requirements

Setup guide

Useful links

API gotchas

Pre-built tooling

Pre-built integrations

No pre-built integration yet (time to contribute: <48h)
Not seeing the integration you need? Build your own independently.

Access requirements

Pre-RequisitesStatusComment
Paid dev account✅ Not requiredFree, self-signup for a Microsoft account and Azure account.
Paid test account✅ Not requiredFree Microsoft account can be used for testing.
Partnership✅ Not required
App review⚠️ ConditionalRequired only if you want to publish your app to the Microsoft commercial marketplace or if your app needs admin consent for certain permissions.
Security audit✅ Not required

Setup guide

1

Create a Microsoft account and Azure account

If you don’t already have them, sign up for a Microsoft account and an Azure account.
2

Register an application in Microsoft Entra ID

  1. Sign in to the Microsoft Entra admin center as at least an Application Developer.
  2. If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application.
  3. From the search bar at the top of the Azure portal, search for App registrations and select it. Then choose New registration. Or from your left navigation tab, navigate to Applications > App registrations then choose New registration.
  4. Enter a meaningful name for your application, for example “Nango Integration”.
  5. Under Supported account types, select the appropriate option based on your needs:
    • Accounts in any organizational directory - For multitenant apps that you want users in any Microsoft Entra tenant to be able to use.
    • Accounts in any organizational directory and personal Microsoft accounts - For multitenant apps that support both organizational and personal Microsoft accounts.
  6. Leave the Redirect URI section blank for now; we’ll configure it in a later step.
  7. Click Register to complete the app registration.
3

Note your application (client) ID

After registration, you’ll be taken to the application’s Overview page. Record the Application (client) ID, which uniquely identifies your application and is used in your application’s code as part of validating security tokens.
4

Add a redirect URI

  1. In the left sidebar, select Authentication.
  2. Under Platform configurations, select Add a platform.
  3. Select Web as the platform type.
  4. Enter https://api.nango.dev/oauth/callback as the Redirect URI.
  5. Under Implicit grant and hybrid flows, check the boxes for Access tokens and ID tokens if your application needs them.
  6. Under Advanced settings, set Allow public client flows to No for web applications.
  7. Click Configure to save your changes.
5

Add API permissions

  1. In the left sidebar, select API permissions.
  2. Click Add a permission.
  3. Select Azure Blob Storage to integrate with Azure Blob Storage.
  4. Choose the type of permission:
    • user_impersonation - This allows the application to access Azure Storage on behalf of the signed-in user.
  5. Click Add permissions.
6

Assign role to the application

  1. In the Azure Portal, navigate to your Storage Account.
  2. In the left sidebar, select Access control (IAM).
  3. Click Add > Add role assignment.
  4. In the Role dropdown, select Storage Blob Data Contributor.
  5. Under Assign access to, select User, group, or service principal.
  6. Click Select members, search for the application name we created earlier, and select it.
  7. Click Next, then Review + assign to complete the role assignment.
7

Create a client secret

  1. In the left sidebar, select Certificates & secrets.
  2. Under Client secrets, click New client secret.
  3. Enter a description for the secret and select an expiration period (6 months, 12 months, 24 months, or custom).
  4. Click Add.
  5. Important: Copy the secret value immediately and store it securely. You won’t be able to see it again after you leave this page.
8

Configure token settings (optional)

  1. In the left sidebar, select Token configuration.
  2. Here you can configure optional claims to be included in the ID and access tokens issued to your application.
  3. Click Add optional claim if you need to include additional information in your tokens.
9

Configure app visibility (optional)

If you want users to see your app on their My Apps page:
  1. From the search bar at the top of the Azure portal, search for Enterprise applications, select it, and then choose your app.
  2. On the Properties page, set Visible to users? to Yes.
10

Next

Follow the Quickstart.
Need help getting started? Get help in the community.
TopicLinks
GeneralMicrosoft Entra Admin Center
Azure Portal
DeveloperMicrosoft identity platform documentation
How to register an Application
Authorize access to blobs using Microsoft Entra ID
Microsoft Authentication Libraries (MSAL)
Redirect URI Best Practices
Azure Blob Storage REST API
Versioning for Azure Storage
Contribute useful links by editing this page

Common Scopes

ScopeDescription
offline_accessAccess to refresh tokens for offline access
https://storage.azure.com/.defaultAllow the application to access Azure Storage on behalf of the signed-in user

API gotchas

  • Make sure you request the offline_access scope to get a refresh token and keep access with your integration.
  • If you require a user to reauthenticate and force them to accept scopes that have been updated or changed you can force a prompt via the authorization_params:
const { data } = await nango.createConnectSession({
  [...],
  integrations_config_defaults: {
    "<provider-name>": {
      authorization_params: {
        "prompt": "consent"
      }
    }
  }
});
Contribute API gotchas by editing this page

Going further

Connect to Azure Blob Storage

Guide to connect to Azure Blob Storage using Connect UI