# Snowflake OAuth

Paradime supports OAuth authentication with Snowflake. When Snowflake OAuth is enabled, users can authorize their Development credentials using Single Sign On (SSO) via Snowflake rather than submitting a username and password to Paradime.

{% content-ref url="/pages/ut6a2vl7Rn2insrXjU5U" %}
[Snowflake](/app-help/documentation/settings/connections/development-environment/snowflake.md)
{% endcontent-ref %}

If Snowflake is set up with SSO through a third-party identity provider, developers can use this method to log into Snowflake and authorize the dbt™️ Development credentials without any additional setup.

{% @arcade/embed url="<https://app.arcade.software/share/FYIOxg6CdsuHctSuy6BA>" flowId="FYIOxg6CdsuHctSuy6BA" %}

## Configuring a security integration

To enable Snowflake OAuth, you will need to create a [security integration](https://docs.snowflake.com/en/sql-reference/sql/create-security-integration.html) in Snowflake to manage the OAuth connection between Paradime and Snowflake.

{% hint style="warning" %}
Note: Only Snowflake account administrators (users with the `ACCOUNTADMIN` role) or a role with the global `CREATE INTEGRATION` privilege can execute this SQL command.
{% endhint %}

In Snowflake, execute a query to create a security integration. The complete documentation on creating a security integration for custom clients is available [here](https://docs.snowflake.com/en/sql-reference/sql/create-security-integration.html). A sample `CREATE OR REPLACE SECURITY INTEGRATION` query is shown below.

{% code lineNumbers="true" %}

```sql
CREATE OR REPLACE SECURITY INTEGRATION PARADIME
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = '<the redirect URI based on your paradime instance region>'
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  OAUTH_USE_SECONDARY_ROLES = IMPLICIT
  OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;  -- value is in seconds (7776000 s = 90 days)
```

{% endcode %}

| Field                           | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| TYPE                            | Required                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| ENABLED                         | Required                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| OAUTH\_CLIENT                   | Required                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| OAUTH\_CLIENT\_TYPE             | Required                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| OAUTH\_REDIRECT\_URI            | <p>Required. Use the correct domain for your region; you can check the region selected during onboarding in the Workspace Management section of your Account Settings.<br><br>🇪🇺 <strong>eu-west-2 (Europe - London)</strong><br><code>https://api.paradime.io/control-plane/snowflake/redirect</code><br>🇪🇺 <strong>eu-west-1 (Europe - Ireland)</strong><br><code>https://eu-w1-api.paradime.io/control-plane/snowflake/redirect</code><br>🇪🇺 <strong>eu-central-1 (Europe - Frankfurt)</strong><br><code>https://eu-c1-api.paradime.io/control-plane/snowflake/redirect</code><br>🇺🇸 <strong>us-east-1 (US East - N. Virginia)</strong><br><code>https://api.us.paradime.io/control-plane/snowflake/redirect</code></p> |
| OAUTH\_ISSUE\_REFRESH\_TOKENS   | Required                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| OAUTH\_REFRESH\_TOKEN\_VALIDITY | Required. This configuration dictates the number of seconds that a refresh token is valid for. Use a smaller value to force users to re-authenticate with Snowflake more frequently.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| OAUTH\_USE\_SECONDARY\_ROLES    | Optional. Allows default secondary roles to be set in OAuth sessions. |

## Retrieve ClientID and Secret

To get the Client ID and Secret required to connect to Paradime, run the query below in Snowflake:

{% code lineNumbers="true" %}

```sql
with 

integration_secrets as (
  select parse_json(system$show_oauth_client_secrets('PARADIME')) as secrets
)

select
  secrets:"OAUTH_CLIENT_ID"::string     as client_id,
  secrets:"OAUTH_CLIENT_SECRET"::string as client_secret
from 
  integration_secrets;
```

{% endcode %}
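
Once the `PARADIME` integration exists, its stored settings can be reviewed and tightened from Snowflake. The following is an added example, not part of Paradime's own documentation; the role name `PARADIME_INTEGRATION_ADMIN` and the 30-day validity value are assumptions chosen for illustration.

```sql
-- Added example. PARADIME_INTEGRATION_ADMIN is a hypothetical role name.

-- 1. Delegate integration management to a dedicated role so that
--    ACCOUNTADMIN is not required for routine changes (see the note
--    above about the global CREATE INTEGRATION privilege).
USE ROLE ACCOUNTADMIN;
CREATE ROLE IF NOT EXISTS PARADIME_INTEGRATION_ADMIN;
GRANT CREATE INTEGRATION ON ACCOUNT TO ROLE PARADIME_INTEGRATION_ADMIN;

-- 2. Review what Snowflake actually stored for the integration.
--    DESCRIBE returns one row per property; RESULT_SCAN lets you
--    filter that output down to the settings that matter here.
DESCRIBE SECURITY INTEGRATION PARADIME;

SELECT "property", "property_value"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" IN (
  'ENABLED',
  'OAUTH_REDIRECT_URI',            -- must match the URI for your Paradime region
  'OAUTH_ISSUE_REFRESH_TOKENS',
  'OAUTH_REFRESH_TOKEN_VALIDITY',  -- seconds
  'OAUTH_USE_SECONDARY_ROLES',
  'BLOCKED_ROLES_LIST'             -- roles that cannot be used in OAuth sessions
);

-- 3. Shorten refresh-token validity without recreating the integration,
--    so users re-authenticate with Snowflake more often.
--    2592000 s = 30 days (illustrative value).
ALTER SECURITY INTEGRATION PARADIME
  SET OAUTH_REFRESH_TOKEN_VALIDITY = 2592000;
```

Using `ALTER` rather than `CREATE OR REPLACE` keeps the existing client ID and secret, so the credentials already entered in Paradime remain valid.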


