Ejento AI
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
Ejento AI
  1. Setup After Deployment
  • How to Setup Ejento on Azure
  • Prerequisites
  • Deployment on Azure
  • Setup After Deployment
    • Custom Domain Set Up
    • Microsoft SSO Authentication
    • Okta SSO Authentication
    • SharePoint Connection Set Up
    • Developer API Set Up
    • Azure AI Search Indexer
  • MCP Servers
    • Slack
    • Jira
    • Azure
    • Snowflake
  • Overview
    • Azure Resources
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
Ejento AI
  1. Setup After Deployment

Azure AI Search Indexer

Image Indexing Fallback via Managed Identity#

Overview#

Azure AI Indexer serves as the fallback mechanism for image indexing in Ejento AI. To enable the Azure Search service to access storage accounts, the service's system-assigned managed identity must be configured with the appropriate role assignments.
This guide walks through the complete setup so the indexer can successfully process:
Documents that contain images
Standalone image files
Required Permission
You must have the User Administrator Role before proceeding with any steps in this guide.

Prerequisites#

Ensure the following resources are in place before starting.

1. Azure Storage Account#

You must have an existing Azure Storage Account in use by the Indexing Service (Azure App Service).
You can locate the storage account name from:
The Indexing Application environment variables
Your Infrastructure team

2. Azure AI Search Service with Managed Identity Enabled#

You must have an active Azure AI Search instance with a system-assigned Managed Identity enabled.
A system-assigned Managed Identity allows Azure AI Search to securely authenticate to other Azure resources without storing credentials.
If Managed Identity is not yet enabled, follow Step 1 below before proceeding.

Step 1 — Enable Managed Identity on Azure AI Search#

1.
Sign in to the Azure Portal
2.
Open your Azure AI Search resource
3.
From the left menu, select Identity
4.
Under System assigned, switch Status to On
5.
Click Save
After enabling, Azure may take 1–3 minutes to register the identity across services before it becomes visible in other resources.

Step 2 — Grant Storage Permissions to Azure AI Search#

The search service must be authorized to read and process files inside the storage account. This is configured through Azure RBAC role assignments.

Open Storage Account Permissions#

1.
In the Azure Portal, open your Storage Account
2.
From the left menu, select Access control (IAM)
3.
Click Add → Add role assignment

Assign Required Roles#

You must assign both of the following roles — assigning only one is insufficient for full indexer functionality.
RolePurpose
Storage Blob Data ReaderAllows the search indexer to read blobs from storage
Storage Blob Data ContributorAllows the search indexer to process metadata and enrichment outputs

Select the Managed Identity#

After selecting a role:
1.
Click Next
2.
Choose Managed identity as the member type
3.
Click Select members
4.
Change the filter to System-assigned managed identity
5.
Locate your Azure AI Search service identity
6.
Select it and click Select
If the identity does not appear:
Wait a few minutes — this may be an identity propagation delay
Refresh the portal
Confirm that Managed Identity is enabled on the search service (see Step 1)

Complete the Role Assignment#

1.
Click Review + assign
2.
Repeat the same steps for the second role
After completing both assignments, verify they appear in the Role assignments tab under Access control (IAM) on your storage account.
Previous
Developer API Set Up
Next
MCP Servers