# Snowflake OAuth

Paradime supports OAuth authentication with Snowflake. When Snowflake OAuth is enabled, users can authorize their Development credentials using Single Sign On (SSO) via Snowflake rather than submitting a username and password to Paradime.

{% content-ref url="../development-environment/snowflake" %}
[snowflake](https://docs.paradime.io/app-help/documentation/settings/connections/development-environment/snowflake)
{% endcontent-ref %}

If Snowflake is set up with SSO through a third-party identity provider, developers can use this method to log in to Snowflake and authorize their dbt™️ Development credentials without any additional setup.


## Configuring a security integration

To enable Snowflake OAuth, you will need to create a [security integration](https://docs.snowflake.com/en/sql-reference/sql/create-security-integration.html) in Snowflake to manage the OAuth connection between Paradime and Snowflake.

{% hint style="warning" %}
Note: Only Snowflake account administrators (users with the `ACCOUNTADMIN` role) or a role with the global `CREATE INTEGRATION` privilege can execute this SQL command.
{% endhint %}

In Snowflake, execute a query to create a security integration. The complete documentation on creating a security integration for custom clients is available [here](https://docs.snowflake.com/en/sql-reference/sql/create-security-integration.html). A sample `CREATE OR REPLACE SECURITY INTEGRATION` query is shown below.

{% code lineNumbers="true" %}

```sql
CREATE OR REPLACE SECURITY INTEGRATION PARADIME
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = '<the redirect URI based on your paradime instance region>'
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  OAUTH_USE_SECONDARY_ROLES = IMPLICIT
  OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;
```

{% endcode %}

| Field | Description |
| ----- | ----------- |
| `TYPE` | Required |
| `ENABLED` | Required |
| `OAUTH_CLIENT` | Required |
| `OAUTH_CLIENT_TYPE` | Required |
| `OAUTH_REDIRECT_URI` | <p>Required. Use the correct domain; you can check your selected region during onboarding in the Workspace Management section of your Account Settings.<br><br>🇪🇺 <strong>eu-west-2 (Europe - London)</strong><br><code>https://api.paradime.io/control-plane/snowflake/redirect</code><br>🇪🇺 <strong>eu-west-1 (Europe - Ireland)</strong><br><code>https://eu-w1-api.paradime.io/control-plane/snowflake/redirect</code><br>🇪🇺 <strong>eu-central-1 (Europe - Frankfurt)</strong><br><code>https://eu-c1-api.paradime.io/control-plane/snowflake/redirect</code><br>🇺🇸 <strong>us-east-1 (US East - N. Virginia)</strong><br><code>https://api.us.paradime.io/control-plane/snowflake/redirect</code></p> |
| `OAUTH_ISSUE_REFRESH_TOKENS` | Required |
| `OAUTH_REFRESH_TOKEN_VALIDITY` | Required. This setting is the number of seconds a refresh token remains valid. Use a smaller value to force users to re-authenticate with Snowflake more frequently. |
| `OAUTH_USE_SECONDARY_ROLES` | Optional. Allows default secondary roles to be set in OAuth sessions. |
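As an added example (not part of the Paradime documentation), the statements below audit the integration after it is created and then shorten the refresh-token lifetime to illustrate the trade-off described for `OAUTH_REFRESH_TOKEN_VALIDITY`; the 7-day value (604800 seconds) is an assumed choice, not a Paradime recommendation.

```sql
-- Inspect the integration as created. Verify that OAUTH_REDIRECT_URI is
-- exactly the redirect URI for your Paradime region (see the table above)
-- and note the current OAUTH_REFRESH_TOKEN_VALIDITY (7776000 s = 90 days
-- in the sample integration).
DESCRIBE SECURITY INTEGRATION PARADIME;

-- Pull just the two properties worth reviewing out of the DESCRIBE output.
SELECT "property", "property_value"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" IN ('OAUTH_REDIRECT_URI', 'OAUTH_REFRESH_TOKEN_VALIDITY');

-- Tighten the refresh-token lifetime so developers must re-authorize
-- through Snowflake SSO more often. 604800 s = 7 days (assumed value).
ALTER SECURITY INTEGRATION PARADIME
  SET OAUTH_REFRESH_TOKEN_VALIDITY = 604800;

-- Re-run the audit; OAUTH_REFRESH_TOKEN_VALIDITY should now read 604800.
DESCRIBE SECURITY INTEGRATION PARADIME;
SELECT "property", "property_value"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" = 'OAUTH_REFRESH_TOKEN_VALIDITY';
```

Existing refresh tokens keep the validity they were issued with; the new limit applies to tokens issued after the `ALTER`.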

## Retrieve ClientID and Secret

To get the Client ID and Secret required to connect to Paradime, run the query below in Snowflake:

{% code lineNumbers="true" %}

```sql
with integration_secrets as (
  select parse_json(system$show_oauth_client_secrets('PARADIME')) as secrets
)
select
  secrets:"OAUTH_CLIENT_ID"::string     as client_id,
  secrets:"OAUTH_CLIENT_SECRET"::string as client_secret
from integration_secrets;
```

{% endcode %}
