How to enable Snowflake OAuth

🧪 Preview feature! This feature is available for your experimentation, and we'd love your feedback. It may change before its final generally-available form.

Atlan supports Snowflake OAuth-based authentication for Snowflake connections. Once the integration has been completed, Atlan will generate a trusted secure token with Snowflake. This will allow Atlan to authenticate users with Snowflake on their behalf to:

Configure Snowflake OAuth in Atlan

🤓 Who can do this? You will need to be a connection admin in Atlan to complete these steps. You will also need your admin user in Atlan to enable bring your own credentials (BYOC) from the admin center, as well as inputs and approval from your Snowflake account administrator.


To configure Snowflake OAuth on a Snowflake connection, from Atlan:

  1. From the left menu of any screen, click Assets.
  2. From the Assets page, click the Connector filter, and from the dropdown, click Snowflake.
  3. From the pills below the search bar at the top of the screen, click Connection.
  4. From the list of results, select a Snowflake connection to enable Snowflake OAuth-based authentication.
  5. From the sidebar on the right, next to Connection settings, click Edit.
  6. In the Connection settings dialog:
    • Under Allow query, for Authentication type, click Snowflake OAuth to enforce Snowflake OAuth credentials for querying data:
      1. For Authentication Required, click Copy Code to copy a security authorization code to execute it in Snowflake.
    • Under Display sample data, for Source preview, click Snowflake OAuth to enforce Snowflake OAuth credentials for viewing sample data:
      • If Snowflake OAuth-based authentication is enabled for querying data, the same connection details will be reused for viewing sample data.
      • If a different authentication method is enabled for querying data, click Copy Code to copy a security authorization code to execute it in Snowflake.
  7. At the bottom right of the Connection settings dialog, click Update.
💪 Did you know? The refresh token does not expire by default.

Create a security integration in Snowflake

🤓 Who can do this? You will need your Snowflake account administrator to run these commands. You will also need to have an existing Snowflake connection in Atlan.

To create a security integration in Snowflake:

  1. Log in to your Snowflake instance.
  2. From the top right of your Snowflake instance, click the + button, and then from the dropdown, click SQL Worksheet to open a new worksheet.
  3. In the query editor of your Snowflake SQL worksheet, paste the security authorization code you copied in Atlan. See a representative example below:
    -- Representative example: replace each <...> placeholder with your own value.
    create security integration <name>
        type = external_oauth
        enabled = true
        external_oauth_type = okta
        external_oauth_issuer = 'https://<COMPANY><ID>'
        external_oauth_jws_keys_url = 'https://<COMPANY><ID>/v1/keys'
        external_oauth_audience_list = ('<snowflake_account_url>')
        external_oauth_token_user_mapping_claim = 'sub'
        external_oauth_any_role_mode = 'ENABLE'
        -- Snowflake accepts 'LOGIN_NAME' or 'EMAIL_ADDRESS' for this attribute.
        external_oauth_snowflake_user_mapping_attribute = 'EMAIL_ADDRESS';
  4. Run the statement in Snowflake to create the security integration.
  5. (Optional) To allow the ACCOUNTADMIN role to query with Snowflake OAuth-based authentication, add and run the following command to set account-level permissions:

Your users will now be able to run queries and view sample data using their Snowflake OAuth credentials! 🎉
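
When a login fails after the integration is created, it helps to compare the token your identity provider issues with the integration parameters. The following is an added example, not Atlan's or Snowflake's code: the issuer, audience and user values are constructed, the function names are hypothetical, and the token signature is deliberately not verified.

```python
import base64
import json
import time

# Constructed values standing in for the <...> placeholders in the integration.
INTEGRATION = {
    "external_oauth_issuer": "https://idp.example.com/oauth2/default",
    "external_oauth_audience_list": ["https://acme.example.snowflakecomputing.com"],
    "external_oauth_token_user_mapping_claim": "sub",
}

def make_sample_token(claims):
    """Build a constructed sample token (placeholder signature) for offline tests."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{enc(claims)}.constructed-signature"

def check_token(token, integration, now=None):
    """Return the mismatches between a token's claims and the integration.

    Diagnostic only: the signature is NOT verified here. Snowflake verifies it
    with the keys published at external_oauth_jws_keys_url.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    problems = []
    if claims.get("iss") != integration["external_oauth_issuer"]:
        problems.append("iss does not match external_oauth_issuer")
    aud = claims.get("aud") or []
    aud = [aud] if isinstance(aud, str) else aud
    if not set(aud) & set(integration["external_oauth_audience_list"]):
        problems.append("aud is not in external_oauth_audience_list")
    claim = integration["external_oauth_token_user_mapping_claim"]
    if not claims.get(claim):
        problems.append(f"mapping claim '{claim}' is missing or empty")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("exp is missing or in the past")
    return problems
```

An empty list means the issuer, audience, mapping claim and expiry line up with the integration; any entry names the parameter to recheck with your Snowflake account administrator.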

💪 Did you know? You can refer to troubleshooting connector-specific SSO authentication to troubleshoot any errors.
