Share via

Connecting Azure logic app with storage account to generate SAS URI

Saaketh Gunti 20 Reputation points Microsoft Employee
2025-01-31T06:57:34.6066667+00:00

I am trying to connect to Azure storage account from Azure Logic Apps using Managed Identity to generate Delegation SAS for blobs.

I have followed this documentation to create the workflow: https://learn.microsoft.com/en-us/azure/connectors/connectors-create-api-azureblobstorage?tabs=consumption#access-blob-storage-in-same-region-with-system-managed-identities

I have given the role "Storage Blob Data Contributor" to the system assigned managed identity of Logic Apps and was able to connect to the storage account and list the blobs using logic app.
User's image

But I am getting errors when trying to create the SAS URI and I am getting this error.
"error": "'Operation not supported with Microsoft Entra ID authentication, use Azure Storage Account name/key connection instead.' "

Did anyone have any experience with this issue?

Thanks

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,063 questions
Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,336 questions
Accepted answer
  1. Abiola Akinbade 23,055 Reputation points
    2025-02-02T14:05:01.65+00:00

    Hello Saaketh Gunti,

    Thanks for your question.

    “Generate SAS URI” action is a bit old-school—it only works with storage account keys (like a password) and doesn’t support modern login methods like Managed Identity.

    Alternatively, You could try using a fucntion that will use Managed Identity toecurely create the SAS.

    Call this function from your Logic App whenever you need a SAS URI.

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Keshavulu Dasari 3,185 Reputation points Microsoft Vendor
    2025-02-02T13:07:16.4866667+00:00

    Hi Saaketh Gunti,

    I understand an issue with generating a SAS URI using Managed Identity in Azure Logic Apps. The error message indicates that the operation is not supported with Microsoft Entra ID authentication and suggests using the Azure Storage Account name/key connection instead.

    Ensure that the Managed Identity has the correct permissions. You are mentioned assigning the "Storage Blob Data Contributor" role, which is correct. and check that the role is assigned to the correct scope (the storage account or the specific container).

    Use Access Keys as the error message suggests, try using the storage account name and key for authentication instead of Managed Identity. This can be done by creating a connection in the Logic App using the storage account's access keys. ensure that you are using the correct API version for the "Create SAS URI by path (V2)" action. Sometimes, using an outdated API version can cause compatibility issues.

    If Managed Identity is a requirement, consider using an Azure Function or Azure Automation to generate the SAS token and then call this function from your Logic App.

    For more please refer to the official Azure documentation. If you have any questions, please let us know.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.         
    User's image   

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.