Connecting to Snowflake
​
Refer to Snowflake's documentation to learn how to find your account identifier. There are two account identifier formats, and the one you use depends on when you created your account.
​
Oneboard supports OAuth method to Snowflake:
-
OAuth: OAuth based authentication with individual user credentials. Each user is prompted to authenticate with Snowflake via an OAuth authentication flow.
​
Connecting to Snowflake with OAuth allows database administrators to:
-
Audit Oneboard users who run queries against the database.
-
Enforce role-based access controls using Snowflake permissions.
-
Use OAuth tokens for all processes and actions that access Snowflake, instead of embedding Snowflake IDs and passwords in multiple places
-
Revoke authorization for a given user through Snowflake
​
With Snowflake connections that use OAuth, users must log in again periodically when their OAuth tokens expire. The duration of validity for Snowflake OAuth tokens is set through Snowflake itself.
​
To use OAuth, you need a Client ID and Secret pair that's generated by creating a security integration in Snowflake for Oneboard.
​
Create a security integration in Snowflake
Note: Admin credentials required
Creating a SECURITY_INTEGRATION in Snowflake requires the ACCOUNTADMIN role or a global CREATE INTEGRATION privilege
First, create a security integration in Snowflake—this creates an interface between Snowflake and Oneboard using OAuth. Run the following command in the Snowflake UI.
USE ROLE ACCOUNTADMIN;
CREATE OR REPLACE SECURITY INTEGRATION ONEBOARD
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = 'https://sweeft.ai/oauth'
OAUTH_ISSUE_REFRESH_TOKENS = TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;
In example we provided a Refresh Token expiration of 7'776'000 sec which is 90 days.
We also encourage you to define a specific ROLE for SQL API and use a default /specific Warehouse for users using Oneboard.
​
Next, retrieve the OAuth Client ID and Client Secret for the security integration you just created by running the following command in the Snowflake UI:
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('ONEBOARD');
You should see the OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET in the response of this query.
​
Connecting Oneboard to Snowflake
​
First, tap on icon in the Tab , then select Connections.
In connections screen, tap on new Snowflake connection, and enter the following :
-
Display Name : Name of your Snowflake Connection
-
Server URL : URL of your Snowflake instance
-
Client Id : the OAUTH_CLIENT_ID from previous query in Snowflake
-
Client Secret : the OAUTH_CLIENT_SECRET rom previous query in Snowflake