Advanced Settings for the SAS within Lasernet Connector for Finance and Operations
Lasernet FO Connector 7.1 includes advanced settings for user-delegated SAS and SAS tokens that can be used to enhance security.
The lifetime of a SAS token can be lowered in the SAS token lifetime (hours) field. This value cannot be higher than 168 hours (seven days).
The SAS token recycle window (hours) field specifies how many hours before a SAS token expires a new token should be generated.
The default for the SAS token lifetime (hours) is 168 hours, and the default for the SAS token recycle window (hours) is 24 hours.
Settings
Send SAS tokens: This defines whether SAS tokens should be added as a property for the entry within the Azure Service Bus Queue. The default setting is Yes, but Lasernet FO Connector will also validate whether it is possible to provide information for the user-delegated SAS (managed identity) or non-user-delegated SAS.
[Screenshots: Send SAS tokens enabled | Send SAS tokens disabled]
Send storage account name: This defines whether the Storage account name should be included as a property for the entry within the Azure Service Bus Queue. The default setting is Yes. If this toggle button is set to No, manually add the Storage account name to Lasernet.
[Screenshots: Send storage account name enabled | Send storage account name disabled]
The Storage account name can be found in Lasernet > Setup > Parameters > Performance:
Copy this value into Lasernet if it is not included in the Service Bus Queue when the Send storage account name toggle button is set to No.
Permissions
The same permissions are used for all instances/containers created within the Connections form (Lasernet > Setup > Administration > Connections):
Read
Write
Delete
List
Read, Write, and Delete permissions are necessary for the communication between Lasernet FO Connector and Lasernet, while the List permission is only needed when using Azure Storage Explorer.
The required permissions for Lasernet are Read, Write, and Delete.
The required permissions for Azure Storage Explorer are Read, Write, Delete, and List.
Additionally, the SAS token can be generated and used to test the SAS functionality in Lasernet:
A SAS/SAS token provides access to a specific entity/container within Azure Storage.
Fill in the Storage account name and Blob Container fields, and paste the previously copied value into the SAS Token field:
Security
Disabling the Send storage account name setting increases security by ensuring that knowing the SAS token(s) and container name is insufficient to access the storage.
Similarly, disabling List permissions ensures that no files/blobs within the containers can be listed.
Furthermore, if a highly secure setup is required, it is advisable to lower the values for the SAS token recycle window (hours) and SAS token lifetime (hours).
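The settings above can be checked against an issued token. The following is an added example, not part of Lasernet or its documentation: a Python check that reads the standard Azure SAS query parameters (`sp`, `st`, `se`, `skoid`) and reports whether a token is user-delegated, exceeds the 168-hour limit, is inside the 24-hour recycle window, or carries the List permission. The function name `audit_sas` and both sample tokens are constructed for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

MAX_LIFETIME_HOURS = 168     # upper limit for "SAS token lifetime (hours)" per this page
RECYCLE_WINDOW_HOURS = 24    # default "SAS token recycle window (hours)" per this page
LASERNET_PERMS = set("rwd")  # Read, Write, Delete; "l" (List) is only for Storage Explorer

def _utc(value):
    """Parse the ISO 8601 UTC forms Azure accepts in st/se."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")

def audit_sas(token, now, max_hours=MAX_LIFETIME_HOURS, recycle_hours=RECYCLE_WINDOW_HOURS):
    """Return the SAS kind, remaining hours and findings; never echoes the signature."""
    q = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    if "se" not in q or "sig" not in q:
        raise ValueError("not a SAS token: 'se' or 'sig' missing")
    perms, expiry = set(q.get("sp", "")), _utc(q["se"])
    start = _utc(q["st"]) if "st" in q else now
    lifetime = (expiry - start).total_seconds() / 3600
    left = (expiry - now).total_seconds() / 3600
    findings = []
    if lifetime > max_hours:
        findings.append(f"lifetime {lifetime:.0f}h exceeds {max_hours}h")
    if left <= 0:
        findings.append("expired")
    elif left <= recycle_hours:
        findings.append(f"inside recycle window ({left:.0f}h left)")
    if "l" in perms:
        findings.append("List permission granted")
    extra = perms - LASERNET_PERMS - {"l"}
    if extra:
        findings.append("unexpected permissions: " + "".join(sorted(extra)))
    kind = "user-delegated" if "skoid" in q else "non-user-delegated"
    return {"kind": kind, "hours_left": left, "findings": findings}

# Constructed samples (signatures are placeholders, not real tokens).
SERVICE = "sv=2022-11-02&sr=c&sp=rwdl&st=2024-05-01T00:00:00Z&se=2024-05-08T00:00:00Z&sig=CONSTRUCTED"
DELEGATED = ("sv=2022-11-02&sr=c&sp=rwd&st=2024-05-01T00:00:00Z&se=2024-05-09T00:00:00Z"
             "&skoid=00000000-0000-0000-0000-000000000000&sig=CONSTRUCTED")

if __name__ == "__main__":
    now = datetime(2024, 5, 7, 6, 0, tzinfo=timezone.utc)
    for name, tok in (("service", SERVICE), ("delegated", DELEGATED)):
        print(name, audit_sas(tok, now))
```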