diff --git a/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobFileSystemManager.scala b/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobFileSystemManager.scala
index e3de6783d85..969331fd458 100644
--- a/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobFileSystemManager.scala
+++ b/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobFileSystemManager.scala
@@ -178,10 +178,7 @@ case class WSMBlobSasTokenGenerator(wsmClientProvider: WorkspaceManagerApiClient
     * @return an AzureSasCredential for accessing a blob container
     */
   def generateBlobSasToken(endpoint: EndpointURL, container: BlobContainerName): Try[AzureSasCredential] = {
-    val wsmAuthToken: Try[String] = overrideWsmAuthToken match {
-      case Some(t) => Success(t)
-      case None => AzureCredentials.getAccessToken(None).toTry
-    }
+    val wsmAuthToken: Try[String] = getWsmAuth
     container.workspaceId match {
       // If this is a Terra workspace, request a token from WSM
       case Success(workspaceId) => {
@@ -205,6 +202,13 @@ case class WSMBlobSasTokenGenerator(wsmClientProvider: WorkspaceManagerApiClient
     val wsmResourceClient = wsmClientProvider.getResourceApi(wsmAuth)
     wsmResourceClient.findContainerResourceId(workspaceId, container)
   }
+
+  def getWsmAuth: Try[String] = {
+    overrideWsmAuthToken match {
+      case Some(t) => Success(t)
+      case None => AzureCredentials.getAccessToken(None).toTry
+    }
+  }
 }
 
 case class NativeBlobSasTokenGenerator(subscription: Option[SubscriptionId] = None) extends BlobSasTokenGenerator {
diff --git a/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobPathBuilder.scala b/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobPathBuilder.scala
index 9f8adc99634..c70b3b8711c 100644
--- a/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobPathBuilder.scala
+++ b/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobPathBuilder.scala
@@ -7,6 +7,7 @@ import cromwell.filesystems.blob.BlobPathBuilder._
 
 import java.net.{MalformedURLException, URI}
 import java.nio.file.{Files, LinkOption}
+import java.util.UUID
 import scala.jdk.CollectionConverters._
 import scala.language.postfixOps
 import scala.util.{Failure, Success, Try}
@@ -186,9 +187,22 @@ case class BlobPath private[blob](pathString: String, endpoint: EndpointURL, con
     */
   def pathWithoutContainer : String = pathString
 
-  def parseTerraWorkspaceIdFromPath: Option[String] = {
-    if(container.value.startsWith("sc-")) Option(container.value.substring(3)) else None
+  def parseTerraWorkspaceIdFromPath: Try[UUID] = {
+    if(container.value.startsWith("sc-")) Try(UUID.fromString(container.value.substring(3))) else Failure(new Exception("Could not parse workspace ID from storage container"))
+  }
+
+  def containerWSMResourceId: Try[UUID] = {
+
+    val wsmGenerator: Option[WSMBlobSasTokenGenerator] = fsm.blobTokenGenerator match {
+      case wsmGenerator: WSMBlobSasTokenGenerator    => Option(wsmGenerator)
+      case _: Any => None
+    }
+    val workspaceId: Try[UUID] = parseTerraWorkspaceIdFromPath
+    val wsmAuth: Try[String] = wsmGenerator.get.getWsmAuth
+
+    Try(wsmGenerator.get.getContainerResourceId(workspaceId.get, container, wsmAuth.get)).flatten
   }
 
   override def getSymlinkSafePath(options: LinkOption*): Path  = toAbsolutePath
+
 }
diff --git a/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobPathBuilderFactory.scala b/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobPathBuilderFactory.scala
index 47245552dc2..c6921338799 100644
--- a/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobPathBuilderFactory.scala
+++ b/filesystems/blob/src/main/scala/cromwell/filesystems/blob/BlobPathBuilderFactory.scala
@@ -29,6 +29,7 @@ final case class EndpointURL(value: String) {
   }
 }
 final case class WorkspaceId(value: UUID) {override def toString: String = value.toString}
+
 final case class ContainerResourceId(value: UUID) {override def toString: String = value.toString}
 final case class WorkspaceManagerURL(value: String) {override def toString: String = value}
 
diff --git a/supportedBackends/tes/src/main/scala/cromwell/backend/impl/tes/TesAsyncBackendJobExecutionActor.scala b/supportedBackends/tes/src/main/scala/cromwell/backend/impl/tes/TesAsyncBackendJobExecutionActor.scala
index 8bf9f4afb10..d323929aad1 100644
--- a/supportedBackends/tes/src/main/scala/cromwell/backend/impl/tes/TesAsyncBackendJobExecutionActor.scala
+++ b/supportedBackends/tes/src/main/scala/cromwell/backend/impl/tes/TesAsyncBackendJobExecutionActor.scala
@@ -29,7 +29,7 @@ import wom.values.WomFile
 import java.io.FileNotFoundException
 import java.nio.file.FileAlreadyExistsException
 import scala.concurrent.Future
-import scala.util.{Failure, Success}
+import scala.util.{Failure, Success, Try}
 sealed trait TesRunStatus {
   def isTerminal: Boolean
   def sysLogs: Seq[String] = Seq.empty[String]
@@ -74,7 +74,6 @@ class TesAsyncBackendJobExecutionActor(override val standardParams: StandardAsyn
   override type StandardAsyncRunState = TesRunStatus
 
   def statusEquivalentTo(thiz: StandardAsyncRunState)(that: StandardAsyncRunState): Boolean = thiz == that
-
   override lazy val pollBackOff: SimpleExponentialBackoff = tesConfiguration.pollBackoff
   override lazy val executeOrRecoverBackOff: SimpleExponentialBackoff = tesConfiguration.executeOrRecoverBackoff
 
@@ -105,6 +104,7 @@ class TesAsyncBackendJobExecutionActor(override val standardParams: StandardAsyn
   }
 
   def getLocalizedSasTokenParams : Option[LocalizedSasTokenParams] = {
+
     val workflowName = workflowDescriptor.callable.name
     val callInputFiles = jobDescriptor.fullyQualifiedInputs.safeMapValues { _.collectAsSeq { case w: WomFile => w }}
     val taskInputs: List[Input] = TesTask.buildTaskInputs(callInputFiles, workflowName, mapCommandLineWomFile)
@@ -114,13 +114,20 @@ class TesAsyncBackendJobExecutionActor(override val standardParams: StandardAsyn
     }.collect{
       case c: BlobPathBuilder.ValidBlobPath => c
     }
+
     val shouldLocalizeSas = true //TODO: Make this a Workflow Option or come from the WDL
     if(!shouldLocalizeSas || blobFiles.isEmpty) return None
     val templateBlobFile = blobFiles.head
+    val initialPath: Try[Path] = getPath(templateBlobFile.path)
+    val blobPath: Option[BlobPath] = initialPath.get match {
+      case blob: BlobPath => Option(blob)
+      case _: Any => None
+    }
+
     val container = templateBlobFile.container
-    val maybeWorkspaceId = Option("1234")
+    val maybeWorkspaceId = blobPath
     val wsmEndpoint = "1234"
-    maybeWorkspaceId.map(workspaceId => LocalizedSasTokenParams(wsmEndpoint, container.value, workspaceId))
+    maybeWorkspaceId.map(workspaceId => LocalizedSasTokenParams(wsmEndpoint, container.value, blobPath.get.containerWSMResourceId.get.toString))
   }
 
   override def mapCommandLineWomFile(womFile: WomFile): WomFile = {