top of page
Snowflake Oneboard

Connecting to Snowflake

​

Refer to Snowflake's documentation to learn how to find your account identifier. There are two account identifier formats, and the one you use depends on when you created your account.

​

Oneboard supports OAuth method to Snowflake:

  • OAuth: OAuth based authentication with individual user credentials. Each user is prompted to authenticate with Snowflake via an OAuth authentication flow.

​

Connecting to Snowflake with OAuth allows database administrators to:

  • Audit Oneboard users who run queries against the database.

  • Enforce role-based access controls using Snowflake permissions.

  • Use OAuth tokens for all processes and actions that access Snowflake, instead of embedding Snowflake IDs and passwords in multiple places

  • Revoke authorization for a given user through Snowflake

​

With Snowflake connections that use OAuth, users must log in again periodically when their OAuth tokens expire. The duration of validity for Snowflake OAuth tokens is set through Snowflake itself.

​

To use OAuth, you need a Client ID and Secret pair that's generated by creating a security integration in Snowflake for Oneboard.

​

Create a security integration in Snowflake

Note: Admin credentials required

Creating a SECURITY_INTEGRATION in Snowflake requires the ACCOUNTADMIN role or a global CREATE INTEGRATION privilege

First, create a security integration in Snowflake—this creates an interface between Snowflake and Oneboard using OAuth. Run the following command in the Snowflake UI.

USE ROLE ACCOUNTADMIN;

 

CREATE OR REPLACE SECURITY INTEGRATION ONEBOARD

TYPE = OAUTH

ENABLED = TRUE

OAUTH_CLIENT = CUSTOM

OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'

OAUTH_REDIRECT_URI = 'https://sweeft.ai/oauth'

OAUTH_ISSUE_REFRESH_TOKENS = TRUE

OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;

In example we provided a Refresh Token expiration of 7'776'000 sec which is 90 days.

We also encourage you to define a specific ROLE for SQL API and use a default /specific Warehouse for users using Oneboard.

​

Next, retrieve the OAuth Client ID and Client Secret for the security integration you just created by running the following command in the Snowflake UI:

SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('ONEBOARD');

You should see the OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET in the response of this query.

​

Connecting Oneboard to Snowflake

​

First, tap on             icon in the Tab , then select Connections.

In connections screen, tap on new Snowflake connection, and enter the following :

  • Display Name : Name of your Snowflake Connection

  • Server URL : URL of your Snowflake instance

  • Client Id : the OAUTH_CLIENT_ID from previous query in Snowflake

  • Client Secret : the OAUTH_CLIENT_SECRET rom previous query in Snowflake

Plus
bottom of page