Setting up probabilistic IDR requires a few one-time steps in your Azure environment, plus additional setup completed by Hightouch.
Step 1: Set up Azure storage for Hightouch
If you haven’t already configured Azure Blob Storage for your Hightouch workspace, follow the instructions in Azure Blob Storage external storage setup.
The storage container must meet the following requirements:
-
Located in the same region as your Hightouch workspace
-
Must not have object lifecycle rules that delete or expire objects in the following path:
/workspace-$WORKSPACE_ID/datalake
Step 2: Share storage account information
In the Azure console:
-
Navigate to the storage container you set up in Step 1, then go to Settings → Properties.
Share the container URL with your Hightouch team. The URL should look like:
<storageAccount>.blob.core.windows.net/<container> -
Navigate to the app registration you created in Step 1.
Copy the Directory (tenant) ID from Overview → Essentials and share it with your Hightouch team. You do not need to share any secrets or other IDs.
Step 3: Grant storage access to the Hightouch datalake
Your Hightouch team will provide an Azure consent URL and an Azure app name.
Complete the following steps (these mirror steps 2.2–2.9 in Snowflake’s Azure external volume documentation):
- Visit the provided consent URL and click Accept.
This allows you to assign roles in later steps but does not grant permissions by itself. - In the Azure console, navigate to the storage account → Access Control (IAM).
- Select Add → Add role assignment.
- Choose the Storage Blob Data Contributor role.
- Search for and select the app name provided by Hightouch.
- Click Review + assign.
The Hightouch datalake is now registered as a service principal in your Azure account with access to the storage account.