Microsoft Planetary Computer Pro enables organizations to work directly with third-party geospatial data and service providers through cross-tenant application integration. Partner applications can read existing data from your GeoCatalogs for processing and analysis, and deliver new geospatial data products directly to your GeoCatalogs—eliminating the need for complex data pipelines and intermediate storage.
This article explains how partner application integration works, the scenarios it enables, and the roles and responsibilities for both customers and partners.
Partner application scenarios
Microsoft Planetary Computer Pro supports two primary partner integration scenarios:
Geospatial Data Providers (GDP)
Geospatial Data Providers supply geospatial data products such as satellite imagery, aerial photography, and derived datasets. With partner application integration, GDPs can deliver ordered data directly to a customer's GeoCatalog.
Benefits over traditional delivery methods:
| Traditional approach | Partner application approach |
|---|---|
| Download to local machine, then upload to cloud storage | Direct delivery to GeoCatalog |
| Configure separate ingestion pipelines | Automatic STAC catalog population |
| Multiple interfaces for different vendors | Single STAC/Data API interface |
| Manual data organization and cataloging | Immediate search and discovery |
Geospatial Service Providers (GSP)
Geospatial Service Providers offer processing, analytics, and insight generation services. With partner application integration, GSPs can read source data from a customer's GeoCatalog, process it, and deliver results back to the same GeoCatalog.
Example workflow:
- Customer grants GSP read access to specific collections
- GSP retrieves source imagery via STAC API
- GSP performs analysis (for example, change detection, object identification)
- GSP delivers analytics results back to customer's GeoCatalog
- Customer visualizes results in Explorer UI or queries via API
Partner Application Integration Architecture
Partner application integration uses Microsoft Entra ID's multitenant application model. This architecture enables partners to manage a single application while serving multiple customers, with each customer maintaining control over access to their resources.
Key architecture benefits:
- Centralized management: Partners maintain one application registration
- Customer control: Each customer controls access through their own tenant
- Data isolation: Customer data remains in customer-controlled storage
- Scalable onboarding: Adding customers doesn't require changes to the partner application
- Enterprise security: Leverages Microsoft Entra ID features like conditional access and MFA
End-to-end workflow
The following diagram illustrates the complete workflow from partner onboarding to data delivery.
Security considerations
Partner application integration follows Azure security best practices:
- Principle of least privilege: Grant only the permissions required for the partner's operations
- Scoped access: Assign roles at the GeoCatalog resource level, not subscription level
- Audit logging: All partner operations are logged for compliance and troubleshooting
- Revocable access: Customers can remove access at any time by deleting the role assignment or service principal
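The scoped-access rule above can be checked from a customer's own role assignment export. The following script is an added example, not part of the original article or of any Microsoft tooling. It assumes input shaped like the JSON from `az role assignment list --all`, assumes `Microsoft.Orbital/geoCatalogs` as the GeoCatalog resource type, and uses constructed sample IDs and resource names.

```python
# Assumption: ARM resource type of a GeoCatalog; change it if your resource IDs differ.
GEOCATALOG_TYPE = "Microsoft.Orbital/geoCatalogs"

def scope_level(scope, resource_type=GEOCATALOG_TYPE):
    """Classify an ARM scope string by how much it covers."""
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root"
    if parts[0] != "subscriptions":
        return "management-group" if "managementgroups" in parts else "other"
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource-group"
    if len(parts) == 8 and parts[4] == "providers":
        if f"{parts[5]}/{parts[6]}" == resource_type.lower():
            return "geocatalog"
    return "other"

def audit_partner_assignments(assignments, partner_principal_ids):
    """Return assignments held by partner principals at any scope
    other than a single GeoCatalog resource."""
    partners = {p.lower() for p in partner_principal_ids}
    findings = []
    for a in assignments:
        if a["principalId"].lower() not in partners:
            continue  # not a partner service principal
        level = scope_level(a["scope"])
        if level != "geocatalog":
            findings.append({"id": a["name"],
                             "role": a["roleDefinitionName"],
                             "level": level})
    return findings

# Constructed sample data (IDs, names and resource group are placeholders).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
PARTNER_SP = "11111111-1111-1111-1111-111111111111"
OTHER = "22222222-2222-2222-2222-222222222222"
CATALOG = f"{SUB}/resourceGroups/rg-geo/providers/{GEOCATALOG_TYPE}/contoso-catalog"
SAMPLE = [
    {"name": "ra-1", "principalId": PARTNER_SP, "roleDefinitionName": "Reader", "scope": CATALOG},
    {"name": "ra-2", "principalId": PARTNER_SP, "roleDefinitionName": "Contributor", "scope": SUB},
    {"name": "ra-3", "principalId": PARTNER_SP, "roleDefinitionName": "Reader", "scope": f"{SUB}/resourceGroups/rg-geo"},
    {"name": "ra-4", "principalId": OTHER, "roleDefinitionName": "Owner", "scope": SUB},
]

if __name__ == "__main__":
    for f in audit_partner_assignments(SAMPLE, [PARTNER_SP]):
        print(f"{f['id']}: partner holds {f['role']} at {f['level']} scope")
```

Each finding names an assignment the customer can delete and recreate at the GeoCatalog resource scope.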