SSO with Snowflake for Data Product Chat

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

When using Snowflake as a data source for a data product, the recommended authentication method for Chat is Snowflake OAuth (Open Authorization) using SSO (Single Sign-On). OAuth ensures secure, seamless access for users while enabling AI-powered querying through the Chat and Evaluate Data Product Chat features.

This topic explains how to configure SSO for data products using a Snowflake data source:

• Requirements for Users Accessing Snowflake via Chat

• Configure SSO Authentication for the Data Product

• Authenticate via Chat

Requirements for Users Accessing Snowflake via Chat

To successfully use Chat or Evaluate Chat with Snowflake:

1. Users must have SELECT privileges on the relevant database objects in Snowflake.

   A Snowflake administrator must grant sufficient access to the underlying data. If permissions are insufficient, users will see a Schema ‘schema.name’ does not exist or is not authorized error when attempting to use the Chat.

2. You must configure OAuth-based SSO for the Snowflake data source using either Snowflake built-in OAuth Service or Snowflake External OAuth.

   Use the information in Configure OAuth Via Snowflake Built-In OAuth Service or Configure Authentication Via Snowflake External OAuth to configure OAuth for Snowflake.

Note

If you have previously configured SSO for Compose for this Snowflake data source, you can use the same authentication profile (Config Name) for the data product chat configuration.

Configure SSO Authentication for the Data Product

To enable SSO authentication for Chat with a Snowflake data product:

1. Navigate to Data Products App from the left-side navigation.

2. Select My Data Products.

3. Locate the data product to configure.

4. Choose one of the following paths:

   • From the Data Products table, click the Edit icon. You are taken to the data product builder page. On the right side of the page, select the Configure tab.

   • From the Data Products table, click the data product name. The catalog page of the data product opens. Click the three-dot menu on the top right and select Configure Chat.

   

5. Under Configure, expand Configure Connection.

   

6. Select OAuth.

7. From the list of available authentication profiles, select the one you created in Snowflake for this configuration.

   

8. On the top right of the data product builder, click Save.

Authenticate via Chat

Once the authentication configuration is complete:

1. Navigate to Data Products App from the left-side navigation.

2. Select My Data Products.

3. Click a data product’s name to open it.

4. Click the Chat button on top right.

5. Click the connection indicator Missing connection.

6. Select Continue with SSO.

   

7. Snowflake’s login page appears. Choose Sign in using SSO. The screenshot below shows a Snowflake login screen via Snowflake External OAuth where the IdP is Okta.

   

8. Enter your SSO credentials to complete the authentication. After successful authentication, the Chat is ready for you to ask questions about the dataset.

9. Type your question at the bottom of the panel and click the Send icon. The screenshot below shows a connected Chat that is ready for user input.