top of page
Snowflake Oneboard

Connecting to Snowflake

Refer to Snowflake's documentation to learn how to find your account identifier. There are two account identifier formats, and the one you use depends on when you created your account.

Oneboard supports OAuth method to Snowflake:

  • OAuth: OAuth based authentication with individual user credentials. Each user is prompted to authenticate with Snowflake via an OAuth authentication flow.

Connecting to Snowflake with OAuth allows database administrators to:

  • Audit Oneboard users who run queries against the database.

  • Enforce role-based access controls using Snowflake permissions.

  • Use OAuth tokens for all processes and actions that access Snowflake, instead of embedding Snowflake IDs and passwords in multiple places

  • Revoke authorization for a given user through Snowflake

With Snowflake connections that use OAuth, users must log in again periodically when their OAuth tokens expire. The duration of validity for Snowflake OAuth tokens is set through Snowflake itself.

To use OAuth, you need a Client ID and Secret pair that's generated by creating a security integration in Snowflake for Oneboard.

Create a security integration in Snowflake

Note: Admin credentials required

Creating a SECURITY_INTEGRATION in Snowflake requires the ACCOUNTADMIN role or a global CREATE INTEGRATION privilege

First, create a security integration in Snowflake—this creates an interface between Snowflake and Oneboard using OAuth. Run the following command in the Snowflake UI.

USE ROLE ACCOUNTADMIN;

 

CREATE OR REPLACE SECURITY INTEGRATION ONEBOARD

TYPE = OAUTH

ENABLED = TRUE

OAUTH_CLIENT = CUSTOM

OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'

OAUTH_REDIRECT_URI = 'https://sweeft.ai/oauth'

OAUTH_ISSUE_REFRESH_TOKENS = TRUE

OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;

In example we provided a Refresh Token expiration of 7'776'000 sec which is 90 days.

We also encourage you to define a specific ROLE for SQL API and use a default /specific Warehouse for users using Oneboard.

Next, retrieve the OAuth Client ID and Client Secret for the security integration you just created by running the following command in the Snowflake UI:

SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('ONEBOARD');

You should see the OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET in the response of this query.

Connecting Oneboard to Snowflake

First, tap on             icon in the Tab , then select Connections.

In connections screen, tap on new Snowflake connection, and enter the following :

  • Display Name : Name of your Snowflake Connection

  • Server URL : URL of your Snowflake instance

  • Client Id : the OAUTH_CLIENT_ID from previous query in Snowflake

  • Client Secret : the OAUTH_CLIENT_SECRET rom previous query in Snowflake

Plus
bottom of page