Set Up Snowflake OAuth with Connected Sheets
Applies to Alation Cloud Service instances of Alation
Snowflake OAuth with Connected Sheets is a limited availability feature. Currently, it is only supported with the Snowflake OCF connector without Alation Agent and requires coordination with Alation Support to be set up.
View the table below to understand if it can be configured on your instance.
| Spreadsheet App | Type | Snowflake Connector | Support for Snowflake OAuth |
|---|---|---|---|
| | Web: | Without Agent | Yes |
| | | With Agent | No |
| Office 365 Excel | Desktop: | Without Agent | No |
| | | With Agent | No |
Setting Up Snowflake OAuth with Connected Sheets
The steps below assume that your organization is already using single sign-on (SSO) with Snowflake.
Note
We have quality-certified this setup with Okta and Azure Active Directory (AD) as identity providers. While Alation hasn’t formally tested other identity providers, this setup is not exclusive to Okta and Azure AD. It is likely that additional identity providers are also compatible.
To set up OAuth:

1. In Snowflake, create a security integration for custom clients using the template below.

   - Feel free to replace the name `ALATION_CS` with a custom name of your choosing.
   - Set the `OAUTH_REFRESH_TOKEN_VALIDITY` parameter to your preferred duration in seconds, matching it with your desired Connected Sheets report refresh frequency. For example, if you want your reports to be refreshed every week, set the `OAUTH_REFRESH_TOKEN_VALIDITY` value to a minimum of `604800` (a week in seconds). Find more information about the security integration parameters in Additional optional parameters in Snowflake documentation.
   - The `OAUTH_REDIRECT_URI` parameter must remain as `'https://connectedsheets.alationcloud.com/auth/snowflakeOAuthCallback'`. Do not modify this value.

   ```sql
   CREATE SECURITY INTEGRATION ALATION_CS
     TYPE = OAUTH
     ENABLED = TRUE
     OAUTH_CLIENT = CUSTOM
     OAUTH_CLIENT_TYPE = 'PUBLIC'
     OAUTH_REDIRECT_URI = 'https://connectedsheets.alationcloud.com/auth/snowflakeOAuthCallback'
     OAUTH_ALLOW_NON_TLS_REDIRECT_URI = FALSE
     OAUTH_ISSUE_REFRESH_TOKENS = TRUE
     OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;
   ```

2. Retrieve the client ID and secret of the security integration with the command below.

   ```sql
   SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('ALATION_CS');
   ```

3. Record the values for `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET_2` from the output in a secure location.

4. Open a Support ticket with Alation to complete the configuration, providing the values of `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET_2` over a secure medium. An Alation Support representative will finalize the configuration and notify you via the Support ticket.
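
One way to confirm that the integration matches the template before the credentials are handed to Alation Support, shown as an added example that is not part of Alation's documentation. It assumes the integration name `ALATION_CS` and the weekly refresh (604800 seconds) used in the example above; the output column names `matches_template`, `oauth_client_id` and `oauth_client_secret_2` are chosen here for illustration.

```sql
-- Added example (not from the Alation documentation).
-- Assumptions: integration name ALATION_CS, weekly report refresh (604800 s).

-- 1. List the integration's properties, then compare the security-relevant
--    ones against the values the template requires.
DESC SECURITY INTEGRATION ALATION_CS;

SELECT
    "property"       AS property,
    "property_value" AS actual_value,
    CASE "property"
        WHEN 'ENABLED'
            THEN UPPER("property_value") = 'TRUE'
        WHEN 'OAUTH_CLIENT_TYPE'
            THEN UPPER("property_value") = 'PUBLIC'
        -- The redirect URI must match exactly; any other value sends the
        -- authorization code somewhere other than Connected Sheets.
        WHEN 'OAUTH_REDIRECT_URI'
            THEN "property_value" = 'https://connectedsheets.alationcloud.com/auth/snowflakeOAuthCallback'
        WHEN 'OAUTH_ALLOW_NON_TLS_REDIRECT_URI'
            THEN UPPER("property_value") = 'FALSE'
        WHEN 'OAUTH_ISSUE_REFRESH_TOKENS'
            THEN UPPER("property_value") = 'TRUE'
        -- Refresh tokens must outlive the report refresh interval.
        WHEN 'OAUTH_REFRESH_TOKEN_VALIDITY'
            THEN TRY_TO_NUMBER("property_value") >= 604800
    END              AS matches_template
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" IN (
    'ENABLED',
    'OAUTH_CLIENT_TYPE',
    'OAUTH_REDIRECT_URI',
    'OAUTH_ALLOW_NON_TLS_REDIRECT_URI',
    'OAUTH_ISSUE_REFRESH_TOKENS',
    'OAUTH_REFRESH_TOKEN_VALIDITY'
)
ORDER BY property;

-- 2. Return only the two values Alation Support asks for, as separate
--    columns, instead of copying them out of the raw JSON string.
SELECT
    s:OAUTH_CLIENT_ID::STRING       AS oauth_client_id,
    s:OAUTH_CLIENT_SECRET_2::STRING AS oauth_client_secret_2
FROM (
    SELECT PARSE_JSON(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('ALATION_CS')) AS s
);
```

Every row of the first result should show `matches_template = TRUE`; run the `SELECT` immediately after the `DESC` statement, because `LAST_QUERY_ID()` refers to the most recent query in the session.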