Snowflake OAuth

Paradime supports OAuth authentication with Snowflake. When Snowflake OAuth is enabled, users can authorize their Development credentials using Single Sign On (SSO) via Snowflake rather than submitting a username and password to Paradime.

Snowflake

If Snowflake is set up with SSO through a third-party identity provider, developers can use this method to log into Snowflake and authorize the dbt™️ Development credentials without any additional setup.

Configuring a security integration

To enable Snowflake OAuth, you will need to create a security integration in Snowflake to manage the OAuth connection between Paradime and Snowflake.

Note: Only Snowflake account administrators (users with the ACCOUNTADMIN role) or a role with the global CREATE INTEGRATION privilege can execute this SQL command.

In Snowflake, execute a query to create a security integration. Please find the complete documentation on creating a security integration for custom clients here. A sample CREATE OR REPLACE SECURITY INTEGRATION query is shown below.

CREATE OR REPLACE SECURITY INTEGRATION PARADIME
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = '<the redirect URI based on your paradime instance region>'
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  OAUTH_USE_SECONDARY_ROLES = IMPLICIT
  OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;

| Field | Description |
| --- | --- |
| TYPE | Required |
| ENABLED | Required |
| OAUTH_CLIENT | Required |
| OAUTH_CLIENT_TYPE | Required |
| OAUTH_REDIRECT_URI | Required. Use the correct domain for your region (listed below). You can check the region you selected during onboarding in the Workspace Management section of your Account Settings. |
| OAUTH_ISSUE_REFRESH_TOKENS | Required |
| OAUTH_REFRESH_TOKEN_VALIDITY | Required. This configuration dictates the number of seconds that a refresh token is valid for. Use a smaller value to force users to re-authenticate with Snowflake more frequently. |
| OAUTH_USE_SECONDARY_ROLES | Optional. Allows default secondary roles to be set in OAuth sessions. |

Redirect URI by region:

🇪🇺 eu-west-2 (Europe - London): https://api.paradime.io/control-plane/snowflake/redirect
🇪🇺 eu-west-1 (Europe - Ireland): https://eu-w1-api.paradime.io/control-plane/snowflake/redirect
🇪🇺 eu-central-1 (Europe - Frankfurt): https://eu-c1-api.paradime.io/control-plane/snowflake/redirect
🇺🇸 us-east-1 (US East - N. Virginia): https://api.us.paradime.io/control-plane/snowflake/redirect
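
The refresh token lifetime described above can be shortened on an existing integration and the result audited from a worksheet. This is an added example, not part of Paradime's or Snowflake's documentation; the 30-day value is an assumed policy choice, and the property names read from the DESCRIBE output are assumed to match the parameter names used in the CREATE statement.

```sql
-- Added example. Assumption: your policy calls for a 30-day refresh token
-- lifetime (2592000 s = 30 * 24 * 60 * 60) instead of the 90 days in the sample.
ALTER SECURITY INTEGRATION PARADIME
  SET OAUTH_REFRESH_TOKEN_VALIDITY = 2592000;

-- DESCRIBE returns one row per property. Run it immediately before the
-- audit query, which reads its output through LAST_QUERY_ID().
DESCRIBE SECURITY INTEGRATION PARADIME;

-- Audit the properties that the CREATE statement on this page sets.
-- Any row marked REVIEW differs from the intended configuration.
SELECT
  "property"       AS property,
  "property_value" AS actual_value,
  CASE "property"
    WHEN 'ENABLED'
      THEN IFF(LOWER("property_value") = 'true', 'ok', 'REVIEW')
    WHEN 'OAUTH_CLIENT_TYPE'
      THEN IFF(UPPER("property_value") = 'CONFIDENTIAL', 'ok', 'REVIEW')
    WHEN 'OAUTH_ISSUE_REFRESH_TOKENS'
      THEN IFF(LOWER("property_value") = 'true', 'ok', 'REVIEW')
    WHEN 'OAUTH_REFRESH_TOKEN_VALIDITY'
      -- A non-numeric value yields NULL and falls through to REVIEW.
      THEN IFF(TRY_TO_NUMBER("property_value") <= 2592000, 'ok', 'REVIEW')
    WHEN 'OAUTH_REDIRECT_URI'
      -- Only the four regional Paradime endpoints listed on this page pass.
      THEN IFF("property_value" IN (
             'https://api.paradime.io/control-plane/snowflake/redirect',
             'https://eu-w1-api.paradime.io/control-plane/snowflake/redirect',
             'https://eu-c1-api.paradime.io/control-plane/snowflake/redirect',
             'https://api.us.paradime.io/control-plane/snowflake/redirect'
           ), 'ok', 'REVIEW')
  END AS status
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" IN (
  'ENABLED',
  'OAUTH_CLIENT_TYPE',
  'OAUTH_ISSUE_REFRESH_TOKENS',
  'OAUTH_REFRESH_TOKEN_VALIDITY',
  'OAUTH_REDIRECT_URI'
)
ORDER BY 1;
```

Changing the validity period applies to refresh tokens issued afterwards, so re-run the audit after any later CREATE OR REPLACE, which resets the integration to whatever values that statement specifies.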

Retrieve ClientID and Secret

To get the Client ID and Secret required to connect to Paradime, run the query below in Snowflake:

with 

integration_secrets as (
  select parse_json(system$show_oauth_client_secrets('PARADIME')) as secrets
)

select
  secrets:"OAUTH_CLIENT_ID"::string     as client_id,
  secrets:"OAUTH_CLIENT_SECRET"::string as client_secret
from 
  integration_secrets;
