
Create a cloud storage integration in Snowflake (Azure)

Learn how to create an Azure cloud storage integration in Snowflake.

Before you create a cloud storage integration in Snowflake, you must have configured Azure cloud storage. For more information, see topic Configure Azure cloud storage for Snowflake.
A Snowflake storage integration stores a generated identity and access management (IAM) entity for your Azure cloud storage, to which cloud provider administrators can grant permissions on the storage locations. Create a Snowflake cloud storage integration to store an IAM entity for your Reltio tenant, so that you can grant it access from Snowflake to your Azure storage location.
To create a cloud storage integration in Snowflake:
  1. In the Snowflake application worksheet area, create a new SQL worksheet.
  2. In the SQL worksheet, run this command to create an external stage storage integration:
    CREATE STORAGE INTEGRATION <storage_integration_name>
      TYPE = EXTERNAL_STAGE
      STORAGE_PROVIDER = 'AZURE'
      ENABLED = TRUE
      AZURE_TENANT_ID = '<tenant_id>'
      STORAGE_ALLOWED_LOCATIONS = ('azure://<storage_account_name>.blob.core.windows.net/<storage_container_name>/<path>/');
    where:
    • <storage_integration_name>: Is the name for this external integration, for example, snowflake_azure_integration.

      Tip: Take note of this value. You'll need it when you Create an external stage (Azure).
    • <tenant_id>: Is the value of the Directory (tenant) ID you created in Create Azure client credentials.

    • azure://<storage_account_name>.blob.core.windows.net/<storage_container_name>/<path>/: Identifies the Azure cloud storage containers that this external integration is allowed to reference:
  3. In the SQL worksheet, view the Successfully created notification message.
  4. Grant Snowflake access to the storage location you specified in the external integration you created in the previous step:
    1. In the same (or a separate) SQL worksheet, run this command to retrieve the consent URL:
      desc storage integration <storage_integration_name>;
      where:
      • <storage_integration_name>: Is the name of the external storage integration you created in the previous step.

    2. From the command response, take note of these values, which you will need to grant this application the permissions necessary to obtain an access token for your allowed Azure storage locations:
      • AZURE_CONSENT_URL: Is the URL for the Microsoft permissions request page.

      • AZURE_MULTI_TENANT_APP_NAME: Is the name of the Snowflake client application created for your account.

    3. In a web browser, navigate to the AZURE_CONSENT_URL value specified in the response you received in the previous step.
    4. On the displayed Microsoft permissions request page, select Accept to create the Snowflake service principal and open the Snowflake website.
  5. Grant the Snowflake service principal the appropriate permissions on the Azure storage container:
    1. In the Microsoft Azure portal, search for and select the Azure storage account you created in Create an Azure storage account.
    2. On the Storage account page, select the Access Control (IAM) tab.
    3. Select Add > role assignment.
    4. On the Role tab of the Add role assignment page, search for and select Storage Blob Data Contributor.
    5. Complete the Members tab:
      • Selected role

      • Assign access tab:
        • Members: Select + Select members in the panel displayed on the right, search for the value of the AZURE_MULTI_TENANT_APP_NAME variable from step 4 above. Delete the underscore and any following characters from the search field and then select your displayed value.

      Attention: If you delete the service principal, the storage integration will stop working. You'll need to reauthorize a Snowflake service principal for the Reltio Data Pipeline for Snowflake to continue functioning.
    6. At the bottom of the pane, select the Select button.
    7. At the bottom of the page, select the Review and assign button.
    8. In the Review and assign tab, review the details you specified and then at the bottom of the page, select Review and assign again.
  6. Clear the Added role assignment notification and then, back on the Access Control (IAM) page, view your new Storage Blob Data Contributor assignment in the list.
For general information, see topic Create storage integration in the Snowflake SQL command reference.
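
One way to read the values needed in steps 4 and 5 directly from the DESC output and check the integration before you accept the consent request, as an added example that is not part of the original documentation. It assumes the example integration name snowflake_azure_integration used on this page and a constructed placeholder tenant ID; the variable name and output column aliases are hypothetical.

```sql
-- Added example. Run all three statements in order in one worksheet session.

-- Constructed placeholder: replace with your Directory (tenant) ID.
SET expected_tenant = '00000000-0000-0000-0000-000000000000';

-- Step 4.1 of the procedure: describe the integration.
DESC STORAGE INTEGRATION snowflake_azure_integration;

-- Read the DESC output as a table. RESULT_SCAN exposes the DESC columns
-- with lowercase names, so they must be double-quoted. LAST_QUERY_ID()
-- refers to the DESC statement only if it ran immediately before this one.
SELECT
    "property",
    "property_value",
    -- Step 5.5: the text before the first underscore is the string to
    -- enter in the Azure "Select members" search field.
    IFF("property" = 'AZURE_MULTI_TENANT_APP_NAME',
        SPLIT_PART("property_value", '_', 1),
        NULL) AS "azure_member_search",
    -- Flag settings that should be reviewed before granting consent.
    CASE
        WHEN "property" = 'ENABLED'
             AND LOWER("property_value") <> 'true'
            THEN 'integration is disabled'
        WHEN "property" = 'AZURE_TENANT_ID'
             AND LOWER("property_value") <> LOWER($expected_tenant)
            THEN 'tenant ID differs from the expected tenant'
        WHEN "property" = 'STORAGE_ALLOWED_LOCATIONS'
             AND "property_value" = '*'
            THEN 'every location is allowed; list specific container paths'
        ELSE NULL
    END AS "review"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" IN (
    'ENABLED',
    'AZURE_TENANT_ID',
    'STORAGE_ALLOWED_LOCATIONS',
    'AZURE_CONSENT_URL',
    'AZURE_MULTI_TENANT_APP_NAME'
)
ORDER BY "property";
```

A row with a non-NULL "review" value should be resolved before you open the AZURE_CONSENT_URL and assign the role.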