# Integrating Snowflake with Okta via OAuth

This guide walks you through configuring Okta as the OAuth provider for Snowflake connections in Tellius.

### **1. Navigating to the Okta Admin Page**

Start by navigating to your Okta Admin page.

### **2. Creating a New Application**

* Navigate to **Applications** from the main menu.
* Select **Applications** from the dropdown and click on **Create App Integration.**

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FSNG535tA2CSEyzPPfSrj%2Fimage.png?alt=media&#x26;token=a229a7f6-06c4-4036-90ee-7d563a222977" alt="" width="563"><figcaption><p>Creating a new application</p></figcaption></figure>

### **3. Configuring Application Settings**

* From the available options, choose **OIDC - OpenID Connect** --> **Web Application**.
* In the **Grant type** options, click on all the available checkboxes and specify the necessary redirect URL(s). More than one URL can be specified.

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FyvYgjnYO4hAPA04bRTX8%2Fimage.png?alt=media&#x26;token=7aff60cc-7f76-4a86-a884-fcda50bc6600" alt="" width="563"><figcaption><p>Configuring application settings</p></figcaption></figure>

### **4. Assignments and Saving**

* Under **Assignments**, click on the **Allow everyone in your organization to access** option.
* Click on **Save**.

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FCHieHTHph0ZSzIztILq5%2Fimage.png?alt=media&#x26;token=6141920e-4dc6-4326-aacf-530ecdbb44f8" alt="" width="563"><figcaption><p>Assignments</p></figcaption></figure>

### **5. Getting Client ID and Secret**

* After saving, open the application you just created.
* Note down the **Client ID** and **Client Secret** for future reference.

### **6. Setting Up Security API**

* Navigate to **Security** from the main menu.
* Select **API -> default**.

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FX2Ey7cf2di7MGPKztuC0%2Fimage.png?alt=media&#x26;token=6fcd5a12-c28e-4ab4-8ceb-63394035b446" alt="" width="563"><figcaption><p>Security API</p></figcaption></figure>

* Click on **Metadata URI**. A new window will pop up.

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FZ907NF7QYoqp61OthHnD%2Fimage.png?alt=media&#x26;token=6ab4f531-49d4-4d47-a265-ab508cbb7f5a" alt="" width="563"><figcaption><p>Metadata URI</p></figcaption></figure>

* Note down the following details from the output and close the window:
  * issuer
  * authorization\_endpoint
  * token\_endpoint
  * jwks\_uri

### **7. Configuring Scopes and Claims**

* Go to the **Scopes** tab and create a new scope named *session:role-any*.
* Click on **Implicit** for **User consent**.
* Under **Metadata**, click on the **Include in public metadata** option.

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FXKthlKxwUbagj3NM8KVc%2Fimage.png?alt=media&#x26;token=2d60118f-75a3-4b8b-b8ab-15d0cf66692e" alt="" width="563"><figcaption><p>Editing scope</p></figcaption></figure>

* Navigate to **Claims** and add a new claim called *tellius\_email*.

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FyFH3ZlDFuBW66aPXgfN2%2Fimage.png?alt=media&#x26;token=86c76d47-6fa5-4134-ba1e-1f35245be10c" alt="" width="563"><figcaption><p>Editing claims</p></figcaption></figure>

### **8. Updating User Settings**

* Open a new browser tab and access the **User Settings.**
* Update the secondary email to *<snowflake.serviceaccount@tellius.com>*.
* Return to the previous browser tab and navigate to **Token Preview**. Validate the token to ensure it contains the *tellius\_email* value set as the secondary email.

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2Fd6ZJehmQTj92ZsIg0Er6%2Fimage.png?alt=media&#x26;token=9be89829-04d0-401b-82c9-596a83ba2a37" alt="" width="563"><figcaption><p>Updating user settings</p></figcaption></figure>

### **9. Configuring Snowflake Console**

Switch to your Snowflake console and execute the following commands:

```sql
create security integration external_oauth_okta
    type = external_oauth
    enabled = true
    external_oauth_type = okta
    external_oauth_any_role_mode = 'ENABLE'
    external_oauth_issuer = '<OAUTH_ISSUER>'
    external_oauth_jws_keys_url = '<KEYS_URI>'
    external_oauth_audience_list = ('api://default')
    external_oauth_token_user_mapping_claim = 'tellius_email'
    external_oauth_snowflake_user_mapping_attribute = 'EMAIL_ADDRESS';
```

Replace *\<OAUTH\_ISSUER>* and *\<KEYS\_URI>* with the values you noted down earlier.
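
Before connecting, it helps to confirm that a token from **Token Preview** lines up with the integration settings above. The following is an added example, not part of the Tellius or Snowflake documentation: it decodes a token's payload and reports mismatches against the issuer, audience, scope and mapping claim. The issuer, the sample claims and the `make_token` helper are constructed for illustration, and the signature is not checked here; Snowflake verifies it against the keys at `external_oauth_jws_keys_url`.

```python
import base64
import json

# Settings from the step 9 security integration.
AUDIENCE = "api://default"           # external_oauth_audience_list
MAPPING_CLAIM = "tellius_email"      # external_oauth_token_user_mapping_claim
REQUIRED_SCOPE = "session:role-any"  # scope created in step 7


def make_token(claims):
    """Build a constructed, unsigned sample JWT (dummy signature segment)."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg(claims), "c2ln"])


def jwt_payload(token):
    """Decode the payload segment only. Inspection aid, no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_token(token, issuer):
    """List mismatches between the token and the step 9 integration settings."""
    claims = jwt_payload(token)
    problems = []
    if claims.get("iss") != issuer:  # exact string match, trailing slash included
        problems.append("iss does not match external_oauth_issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud not in external_oauth_audience_list")
    scp = claims.get("scp", [])  # Okta access tokens list scopes in "scp"
    if REQUIRED_SCOPE not in (scp.split() if isinstance(scp, str) else scp):
        problems.append("scp lacks session:role-any")
    if not claims.get(MAPPING_CLAIM):
        problems.append("tellius_email claim missing or empty")
    return problems


# Constructed sample values: placeholder Okta domain, not a real tenant or token.
SAMPLE_ISSUER = "https://example.okta.com/oauth2/default"
SAMPLE_CLAIMS = {"iss": SAMPLE_ISSUER, "aud": "api://default",
                 "scp": ["offline_access", "session:role-any"],
                 "tellius_email": "snowflake.serviceaccount@tellius.com"}

if __name__ == "__main__":
    print(check_token(make_token(SAMPLE_CLAIMS), SAMPLE_ISSUER) or "token matches")
```

An empty list means the token carries everything the integration maps on; each string names the integration parameter or claim to revisit.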

### **10. Connecting to Tellius**

1. With the above configurations completed, you're all set to connect to Tellius.
2. In Tellius, navigate to **Data --> Connect --> Create new --> Snowflake --> OAuth**.
3. Select **Okta** as the **Authorization type** from the dropdown.
4. For the remaining fields, enter the details as follows:

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FjKiJEHQ1ZRuj3wMsJmwm%2Fimage.png?alt=media&#x26;token=9059967e-a028-4bf1-983b-e285e4807858" alt="" width="563"><figcaption><p>Configuring Snowflake in Tellius</p></figcaption></figure>

* **Snowflake URL:** telliuspartner.snowflakecomputing.com
* **User:** TELLIUS\_PROD\_TESTING
* **Client ID:** (Use the Client ID from [this section](https://help.tellius.com/article/bf7ue9t02b-integrating-snowflake-with-okta-via-oauth#5_getting_client_id_and_secret))
* **Client Secret:** (Use the Client Secret from [this section](https://help.tellius.com/article/bf7ue9t02b-integrating-snowflake-with-okta-via-oauth#5_getting_client_id_and_secret))
* **Authorization URL:** (Use the authorization\_endpoint from [this section](https://help.tellius.com/article/bf7ue9t02b-integrating-snowflake-with-okta-via-oauth#6_setting_up_security_api))
* **Access Token URL:** (Use the token\_endpoint from [this section](https://help.tellius.com/article/bf7ue9t02b-integrating-snowflake-with-okta-via-oauth#6_setting_up_security_api))
* **Scope:** offline\_access session:role-any
