Microsoft Azure

Overview

Hightouch's Azure integration powers several features:

• Workspace deployment on Azure (see Regions)
• Self-hosted storage via Azure Blob Storage
• Azure Blob Storage source
• Azure Blob Storage destination
• Azure Private Link

Configure Azure

Azure configuration includes creating an app registration and granting access to Blob Storage. Once you've done both of these, you can use your Blob Storage information and Azure credentials to connect Hightouch.

Create an app registration

1. In the Azure Portal, navigate to Azure Active Directory.

   

2. Locate and click Manage > App registrations in the left-hand menu.

   

3. Create a new app registration by selecting + New registration. Give the application a descriptive Name, for example, "Hightouch-integration-user," and leave the Supported account type as Accounts in this organizational directory only (Default Directory only - Single tenant). You don't need a redirect URI for Hightouch storage integration. Click Register when done.

   

4. Next, you need an app secret for this account. While on the app registration screen, navigate to Manage > Certificates & secrets in the left-hand menu. In the Client secrets tab, click New client secret. Enter a Description and Expires time frame. Click Add to create the secret.

   Make sure to select a sufficient expiry time frame. If this credential expires, Hightouch can't access your Azure Blob Storage, and if your workspace is configured to use Azure for log storage, all syncs will fail.

   

5. Copy and store the secret Value, not the Secret ID, after you create it. You won't be able to read the value again later.

6. Navigate to the App Overview in the left-hand menu. Copy and save the Application (client) ID and Directory (tenant) ID. You need both of these and the Client secret value to configure Hightouch.

   

Grant access to Blob Storage

1. In the Azure Portal, navigate to your storage account, and then to the Blob Storage container you want to connect to Hightouch. If you don't have a container, create one.

   

2. In the configuration for your Blob Storage container, go to Access Control (IAM) in the left-hand menu.

   

3. Select +Add then Add role assignment.

   

4. Select the role you want to grant to the Hightouch integration. To use the integration for storage, we suggest using the Storage Blob Data Contributor role. If you want to assign more granular permissions, refer to the for storage documentation and consult your Active Directory administrator. Once you've selected the role, click Next to assign Members to the role.

   

5. Keep User, group, or service principal as the access assignment. Click + Select members and search for and select the Hightouch integration user you created during app registration.

   

6. Click Review + assign to confirm. The Hightouch user should now have access to your Azure Blob Storage.

Configure Hightouch

To configure Hightouch to use the Azure integration user, go to the Cloud providers tab on the Settings page. Click Add cloud provider, and select Microsoft Azure.

Give your credential a Display name, and enter the Tenant ID, Client ID, and Client secret from your Azure configuration.

Azure credential usage

Once you've set up your Microsoft Azure credentials in Hightouch, you can select Microsoft Azure when setting up external storage.