Follow

Figure Eight Secure Data Access - Azure Integration

When utilizing Figure Eight’s Secure Data Access, your team maintains ownership and governance overall source data. The data that your team supplies never leave your servers. For added security, private buckets can be used while processing training data in the Figure Eight platform.

Your team serves the source data via secure URLs hosted in private buckets inside your cloud storage. The only data that is passed to Figure Eight are the URLs for your private bucket, which will be assigned a unit ID. Corresponding annotations for the data can be downloaded from the Figure Eight platform and can subsequently be associated with source data via the unit ID.

  • Secure content is rendered through signed URLs
  • Signed URLs expire immediately after the content is rendered
  • Your content is never stored or saved within the Figure Eight platform
  • Content is rendered only to authenticated contributors and requestors with access to specific Figure Eight tasks. 

Note: For access to this feature, please contact your Customer Success Manager or Account Executive.

Guide to set-up Secure Data Access with Azure

1. Create an Azure private blob storage.

  • Reach out to your DevOps teams to create an Azure Private Blob Storage. The blob storage will be used to store all the content that your team will annotate in Figure Eight platform.

 2. Share the storage account key and Azure account name with Figure Eight DevOps team.

  • Figure Eight application would require the storage account key for integration and hence we suggest a separate Azure storage account be created
  • Have your DevOps team (or Figure Eight admin) share the Azure account key in an encrypted file along with your Azure account name with the Figure Eight DevOps team. 

3. Figure Eight DevOps team to activate the integration & share next steps.

  • Once the integration is complete and active, Figure Eight DevOps team will send a confirmation along with Storage CML Name to be used by your team.
  • Storage CML Name is a unique name for your storage provider integration. This name will be used within the CML of a job to indicate which data columns reference private storage URLs. Each Storage Provider integration requires a unique Storage CML name. Please share the Storage CML name with your team to be used during job design. 

4. Verify access to your private content.

  • Set up a job that uses secure content and upload the CSV file with URL of the secure content (e.g. images)
    • Note: URL’s for secure content should follow this format: 

https://account_name.blob.core.windows.net/container_name/file_name

  • Set up a job that uses secure content and modify the CML (Custom Markup Language) tag as per the instructions described below:
    • In your jobs, secure data columns should be marked with a CML liquid tag in the job design.
      • Please note that the CML liquid tag is the “Storage CML Name” that has been configured during storage integration.
      • For example, if a Storage Provider was created with a "Storage CML Name" of "azure_test" then the job CML will have the following tag:
        <img src="{{ image_url | secure: 'azure_test' }}”>
  • Confirm that the secure content is visible when previewing the job
  • Share the “Storage CML Name” with your team so they can also use private storage blobs for Figure Eight jobs.

Important Notes:

  • The integration (and CML Tag Name) is unique for each team and cannot be re-used across multiple different teams.
  • Teams can set-up multiple storage provider integrations. 
  • The feature is supported for the following uses cases:
    • Data categorization, validation and transcription of text, image, audio and video files
      • All filenames should not contain spaces
    • Image Annotation Tool 

Was this article helpful?
2 out of 2 found this helpful


Have more questions? Submit a request
Powered by Zendesk