Appen Secure Data Access - Azure Integration

When utilizing Appen’s Secure Data Access, your team maintains ownership and governance of overall source data. The data that your team supplies never leaves your servers. Private buckets can be used for added security while processing training data in Appen.

Your team serves the source data via secure URLs hosted in private buckets inside your cloud storage. The only data that is passed to Appen are the URLs for your private bucket, which will be assigned a unit ID. Corresponding annotations for the data can be downloaded from Appen and can subsequently be associated with source data via the unit ID.

  • Secure content is rendered through signed URLs
  • Signed URLs expire immediately after the content is rendered
  • Your content is never stored or saved within Appen
  • Content is rendered only to authenticated contributors and requestors with access to specific Appen tasks. 

Note: For access to this feature, please contact your Customer Success Manager or Account Executive.

Dedicated customers - Please note this feature is currently unavailable on-premises and only available via the cloud multi-tenant Appen Data Annotation Platform (ADAP). If you are a Dedicated customer, you can use Secure Data Access via an S3 Integration. For more information, please refer to this article.

Guide to setting up Secure Data Access with Azure

1. Create the Azure private blob storage and copy the Azure access key - Manage Account Access Keys - Azure Storage

2. Go to Select Azure storage from the drop-down menu and input desired CML reference for this storage provider.

3. Enter the storage account name and storage access key.

4. Verify Active storage provider status at Reach out to should there be any issues activating your azure storage provider


5. Verify access to your private content.

  • Set up a job that uses secure content and upload the CSV file containing URLs of the secure content (e.g. images)
    • Note: URLs for secure content should follow this format: 


  • Set up a job that uses secure content and modify the CML (Custom Markup Language) tag as per the instructions described below:
    • In your jobs, secure data columns should be marked with a CML liquid tag in the job design.
      • Please note that the CML liquid tag is the “Storage CML Name” that has been configured during storage integration.
      • For example, if a Storage Provider was created with a "Storage CML Name" of "azure_test" then the job CML will have the following tag:
        <img src="{{ image_url | secure: 'azure_test' }}”>
  • Confirm that the secure content is visible when previewing the job
  • Share the “Storage CML Name” with your team so they can also use private storage blobs for Appen jobs.

Important Notes:

  • The integration (and CML Tag Name) is unique for each team and cannot be re-used across multiple different teams.
  • Teams can set up multiple storage provider integrations. 
  • The feature is supported for the following uses cases:
    • Data categorization, validation, and transcription of text, image, audio, and video files
      • All filenames should not contain spaces
    • Image Annotation Tool 

Was this article helpful?
12 out of 13 found this helpful

Have more questions? Submit a request
Powered by Zendesk