Preview feature! This feature is available for your experimentation, and we'd love your feedback. It may change before its final generally-available form.
Atlan supports Snowflake OAuth-based authentication for Snowflake connections. Once the integration has been completed, Atlan will generate a trusted secure token with Snowflake. This will allow Atlan to authenticate users with Snowflake on their behalf to:
Configure Snowflake OAuth in Atlan
Who can do this? You will need to be a connection admin in Atlan to complete these steps. You will also need your admin user in Atlan to enable bring your own credentials (BYOC) from the admin center, and inputs and approval from your Snowflake account administrator.
To configure Snowflake OAuth on a Snowflake connection, from Atlan:
- From the left menu of any screen, click Assets.
- From the Assets page, click the Connector filter, and from the dropdown, click Snowflake.
- From the pills below the search bar at the top of the screen, click Connection.
- From the list of results, select a Snowflake connection to enable Snowflake OAuth-based authentication.
- From the sidebar on the right, next to Connection settings, click Edit.
- In the Connection settings dialog:
  - Under Allow query, for Authentication type, click Snowflake OAuth to enforce Snowflake OAuth credentials for querying data:
    - For Authentication Required, click Copy Code to copy a security authorization code to execute it in Snowflake.
  - Under Display sample data, for Source preview, click Snowflake OAuth to enforce Snowflake OAuth credentials for viewing sample data:
    - If Snowflake OAuth-based authentication is enabled for querying data, the same connection details will be reused for viewing sample data.
    - If a different authentication method is enabled for querying data, click Copy Code to copy a security authorization code to execute it in Snowflake.
- At the bottom right of the Connection settings dialog, click Update.
Did you know? The refresh token does not expire by default.
Create a security integration in Snowflake
Who can do this? You will need your Snowflake account administrator to run these commands. You will also need to have an existing Snowflake connection in Atlan.
To create a security integration in Snowflake:
- Log in to your Snowflake instance.
- From the top right of your Snowflake instance, click the + button, and then from the dropdown, click SQL Worksheet to open a new worksheet.
- In the query editor of your Snowflake SQL worksheet, paste the security authorization code you copied in Atlan. See a representative example below:
    -- Representative example; replace the <...> placeholders with your own values.
    create security integration <name>
      type = external_oauth
      enabled = true
      external_oauth_type = okta
      external_oauth_issuer = 'https://<COMPANY>.okta.com/oauth2/<ID>'
      external_oauth_jws_keys_url = 'https://<COMPANY>.okta.com/oauth2/<ID>/v1/keys'
      external_oauth_audience_list = ('<snowflake_account_url>')
      external_oauth_token_user_mapping_claim = 'sub'
      external_oauth_any_role_mode = 'ENABLE'
      -- Snowflake accepts 'LOGIN_NAME' or 'EMAIL_ADDRESS' for this attribute.
      external_oauth_snowflake_user_mapping_attribute = 'EMAIL_ADDRESS';
- Run the security integration in Snowflake.
- (Optional) To allow the ACCOUNTADMIN role to query with Snowflake OAuth-based authentication, add and run the following command to set account-level permissions:
    ALTER ACCOUNT SET EXTERNAL_OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST = FALSE;
Your users will now be able to run queries and view sample data using their Snowflake OAuth credentials!
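A set of read-only checks a Snowflake account administrator can run after the steps above, as an added example that is not part of Atlan's own documentation. `<name>` and `<access_token>` are placeholders, and the 7-day audit window is an assumption.

```sql
-- Added example: read-only checks to run after creating the integration.
-- <name> is the integration name used in the CREATE statement (placeholder).

-- 1. Confirm the stored settings match what was pasted. Compare the
--    EXTERNAL_OAUTH_ISSUER, EXTERNAL_OAUTH_JWS_KEYS_URL and
--    EXTERNAL_OAUTH_AUDIENCE_LIST rows against your identity provider,
--    and note the value of EXTERNAL_OAUTH_ANY_ROLE_MODE.
DESCRIBE SECURITY INTEGRATION <name>;

-- 2. Check whether privileged roles are still blocked from OAuth sessions.
--    TRUE keeps ACCOUNTADMIN blocked; FALSE is the result of the optional
--    ALTER ACCOUNT command in the last step.
SHOW PARAMETERS LIKE 'EXTERNAL_OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST' IN ACCOUNT;

-- 3. Validate an access token issued by the identity provider against the
--    integration before users rely on it. <access_token> is a placeholder;
--    do not save a real token in a shared worksheet.
SELECT SYSTEM$VERIFY_EXTERNAL_OAUTH_TOKEN('<access_token>');

-- 4. Audit OAuth sign-ins over the last 7 days, failed attempts first.
--    ACCOUNT_USAGE views lag behind real time, so recent logins may be missing.
SELECT event_timestamp,
       user_name,
       client_ip,
       reported_client_type,
       is_success,
       error_code,
       error_message
FROM snowflake.account_usage.login_history
WHERE first_authentication_factor = 'OAUTH_ACCESS_TOKEN'
  AND event_timestamp >= DATEADD(day, -7, CURRENT_TIMESTAMP())
ORDER BY is_success, event_timestamp DESC;
```

Because the refresh token does not expire by default, reviewing the sign-in audit in step 4 on a schedule is the main way to spot an account that is still authenticating after it should have been removed.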
Did you know? You can refer to troubleshooting connector-specific SSO authentication to troubleshoot any errors.