cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Can we create an external location from a different tenant in Azure

CVveeLT
New Contributor II

‎02-18-2025 01:31 AM

We are looking to add an external location which points to a storage account in another Azure tenant. Is this possible? Could you point to any documentation around this.

Currently, when we try to add a new credential providing a DBX access connector and managed identity from a second tenant, it fails with the below error - 

Azure Managed Identity Credential with Access Connector Id /subscriptions/9e3f0e12-a02f-4ef3-b8c5-4b3571fb80b8/resourceGroups/BigDataRG1/providers/Microsoft.Databricks/accessConnectors/veena-new-dbx-eastus and Managed Identity ID /subscriptions/9e3f0e12-a02f-4ef3-b8c5-4b3571fb80b8/resourcegroups/BigDataRG1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/veena-dbx-mi for Account Id: 53cd939d-b873-4ad3-a4cf-e4d95bacae68 could not be found.

0 Kudos
2 REPLIES 2

Alberto_Umana
Databricks Employee
Databricks Employee

‎02-18-2025 04:33 AM

Hello @CVveeLT,

Yes, it is possible to add an external location pointing to a storage account in another Azure tenant. 

From documentation: 

 

  • Double-check if the Managed Identity and Access Connector are correctly set up in the second tenant. 
  • Ensure the Managed Identity is granted the appropriate role ("Storage Blob Data Contributor") on the desired storage account and container.
  • Verify that the Managed Identity, Access Connector IDs, and the tenant details are correctly specified within your Databricks Unity Catalog configuration

 

0 Kudos

CVveeLT
New Contributor II

‎02-18-2025 11:09 PM - edited ‎02-18-2025 11:10 PM

Thanks for the response @Alberto_Umana .

Looks like the IDs are all provided correctly.  Here is the config -

Tenant A                                                                Tenant B
Databricks is hosted here                                   
                                                                                Created Resource group RGB 
                                                                                Created Storage account SA1 in resource group RGB
                                                                                Created Access connector AC1 with subscription B, resource                                                                                        group RGB
                                                                                Created Managed Identity MI1 with subscription B, resource                                                                                          group RGB
                                                                               MI1 is given storage blob data contributor for Storage account SA1
 
Adding Databricks credential with
Access connector id of AC1 and
Managed Identity id of MI1
fails.
 
Is there anything missing with this.
What additional tenant details are to be provided while creating Databricks credential
0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
Top