What's New
Changelog - 5.1.3
Changelog - 5.1.2
Changelog - 5.1.1
Release 5.1
Changelog - 5.0.5
Changelog - 5.0.4
Changelog - 5.0.3
Changelog - 5.0.2
Changelog - 5.0.1
Release 5.0
Changelog - 4.3.4
Changelog - 4.3.3
Changelog - 4.3.2
Changelog - 4.3.1
Release 4.3 (Fall 2023)
Changelog - 4.2.7
Changelog - 4.2.6
Changelog - 4.2.5
Changelog - 4.2.4
Changelog - 4.2.3
Changelog - 4.2.1
Changelog - 4.2.2
Release 4.2
Changelog - 4.1.5
Changelog - 4.1.4
Changelog - 4.1.3
Changelog - 4.1.2
Changelog - 4.1.1
Release 4.1
Release 4.0
Release 3.9
Release 3.8
Release 3.7
Release 3.6
Release 3.5
Release 3.4
Release 3.3
Release 3.2
Release 3.1
Release 3.0
Release 2.4.1
Release 2.4
Free Cloud Trial
Release 1.8
Release 2.3
Release 2.2
Release 2.1
Release 2.0
Release 1.7
Release 1.6
Release 1.5
Release 5.2
Getting Started
Quick Guide
Best Practices Guide
Search - Best Practices
Vizpads (Explore) - Best Practices
Insights (Discover) - Best Practices
Predict - Best Practices
Data - Best Practices
Glossary
Tellius 101
Navigating around Tellius
System requirements
Tellius Architecture
Installation steps for Tellius
Guided tours for quick onboarding
Customizing Tellius
Search (Natural Language)
Search in Tellius
Guide Me
How to Search
Business View List / Columns
Query
Query
Percentage Queries
Time Period Queries
Live Query
Generating Insights-based queries from Search
Search Result
Discover Insights
Interactions
Chart Operations
Add to Vizpad
Table View
Switch Chart type
Change Chart Config
Apply Filters
Change Formatting
Measure Aggregation - Market Share Change
View Raw Data
Download/ Export
Embed URL
Partial Data for Visualization
Best-fit visual
Add to Vizpad
Adding the chart to a Vizpad
Customize the auto-picked columns
Search Query Inspector
Teach Tellius
History
Guided Search
Add Guided Search Experience
Display Names in the Search Guide
Guided Search
Guided Search Syntax and Attributes
Deep Dive
Maps in Search
Search Keywords
Percentage Queries
Time Period Queries
Year-over-Year Analysis
Additional Filters
Pagination
List View In Search Results
Marketshare queries
Embed Search
Personalized Search
Search Cheat Sheet
Filters in Help Tellius Learn
Explore (Vizpads)
Dashboards in Tellius
Vizpad Creation
Create Interactive Content
Create Visualization Charts
List of Charts
Common Chart Types
Line Chart
Bar Chart
Pie Chart
Year-over-Year Functionality in Vizpad
Area Chart
Combo Chart
KPI Target Chart
Treemaps
Bubble Chart
Histogram
Heat-Map Charts
Scatter Chart
Other Charts
Cumulative line chart
Cohort Chart
Explainable AI Charts
For each chart
Create Visualization Charts
Global Filters
Embedded Filters
Other Content
Anomaly management for charts
Creating Interactive Content
Vizpad level Interactions
Viz level Interactions
Discover Insights
Drivers
Discover hidden insights - Genius Insights
How Genius Insights works
Discoveries in Insight
Anomalies on Trend
Interactions
Chart Operations
Switch Chart type
Change Chart Config
Apply Filters
Change Formatting
Add X/Y Axis Target Lines to Scatter Chart
Improvements to Conditional Formatting
Adding Annotations to Tables
Displaying query execution time
Embedding Vizpad
Vizpad Consumption
Collection of Interactive Content
Vizpad level Interactions
Global Filter on the fly
Global Resolutions
Refresh
Notifications / Alerts
Share
Download / Export
Unique name for Vizpads
Edit Column Width
Viz level Interactions
Importing bulk filter values
Multi-Business View Vizpads
Discover (Genius Insights)
Discoveries
What are discoveries
Type of Discoveries in Tellius
Create Discoveries
Kick-off Key Drivers
Edit Insights
Key Driver Insights
Components of Key Drivers
What are Key Drivers
Edit Key Driver Insights
Segment Drivers
Trend Drivers
Trend Insights (Why Insights)
Components of Trend Insights
WHAT: Top Contributors
WHY: Top Reasons
HOW: Top Recommendations
Seamlessly navigating to "Why" from "What"
Create Trend Insight
Edit Trend Insights
What are Trend Insights
Comparison Insights
Components of Comparison Insights
Create Comparison Insight
What are Comparison Insights
Edit Comparison Insights
Others Actions
Save
Refresh
Share Insights
Download
Adding Insights to Vizpad
Insights Enhancements
Embedding Insight
Impact Calculation for Top Contributors
Marketshare
Live Insights
Predict (Machine Learning)
Machine Learning
AutoML
How to create AutoML models
Leaderboard
Prediction
Others
What is AutoML
Point-n-Click Predict
Feed (Track Metrics)
Assistant (Conversations)
Tellius on Mobile devices
Data (Connect, Transform, Model)
Connectors
Connector Setup
Google BigQuery
Google Cloud SQL
Connecting to a PostgreSQL Cloud SQL Instance
Connecting to an MSSQL Cloud SQL Instance
Connecting to a MySQL Cloud SQL Instance
Snowflake
PrivateLink
Snowflake Best Practices
OAuth support for Snowflake
Integrating Snowflake with Azure AD via OAuth
Integrating Snowflake with Okta via OAuth
Edit Connector
Live Connect
Data Import
Cache
Direct Business View
JDBC connector for PrestoDB
Amazon S3
Time-to-Live (TTL) and Caching
Loading Excel sheets
Looker SQL Interface
Databricks
Connecting to an AlloyDB Cluster
List of Connectors by Type
Tables Connections
Custom SQL
Schedule Connector Refresh
Share Connections
Datasets
Load Datasets
Configure Datasets (Measure/Dimensions)
Transform Datasets
Create Business View
Share Datasets
Copy Datasets
Delete Datasets
Swapping datasources
Metadata migration
Data Prep
Datasets
Data Profiling / Statistics
Transformations
Dataset Transform
Aggregate Transforms
Calculated Columns
SQL Transform
Python Transform
Create Hierarchies
Filter Data
SQL Code Snippets
Multiple Datasets Scripting SQL
Column Transforms
Column Metadata
Column type
Feature type
Aggregation
Data type
Special Types
Synonym
Rename Column
Filter Column
Delete Column
Variable Display Names
Other Functions
Metadata View
Dataset Information
Dataset Preview
Alter Pipeline Stage
Edit / Publish Datasets
Data Pipeline (Visual)
Alerts
Partitioning for JDBC Datasets
Export Dataset
Write-back capabilities
Data Fusion
Schedule Refresh
Business Views
Create Business View
Create Business View
Datasets Preview & List
Add datasets to Model
Joins
Column selection
Column configuration
Primary Date
Geo-tagging state/country/city
Save to Fast Query Engine
Publish
Business View
What is Data Model
BV Visual Representation (Preview)
BV Data Sample
Learnings (from Teach Me)
Custom Calculations (Report-level Calc)
Predictions on BV
BV Refresh
Export/ Download Business View
Share Business View
URL in Business View
Request Edit Access
Tellius Engine: Comparison of In-Memory vs. Live Mode
Projects (Organize Content)
Monitor Tellius
Embedding Tellius
Embedding
Settings
About Tellius
User Profile
Admin Settings
Manage Users
Team (Users)
Details & Role
Create a new user
Edit user details
Assigning the user data to another user
Restricting the dataset for a user
Deleting a user
Assign User Objects
User roles and permissions
Teammates (Groups)
Authentication & Authorization
Authentication
Authorization (Roles)
API Access (OAuth Access)
Audit Logs
Application & Advanced Settings
Data
Machine Learning
Genius Insights
Usage tracking & Support
CDN
Download Business View, Dataset, and Insights for Live BV
Customize Help
Impersonate
Data Size Estimation and Calculation
Miscellaneous Application Settings
Configuration for time/date-related results
Dataflow Access
Enable In-memory operations on Live sources
Language Support
Administration
Setup & Configuration
Installation Guide
AWS Marketplace
Autoscaling
Backup and Restore
Help & Support
FAQ
Data Preparation FAQs
Environment FAQs
Search FAQs
Vizpads FAQs
Data Caching
Security FAQs
Embedding FAQs
Insights FAQs
Tellius Product Roadmap
Help and Support System
Guided Tours
Product Videos
Articles & Docs
Provide Feedback
Connect with Tellius team
Support Process
Notifications
Tellius Kaiya
Say hello to Tellius Kaiya 👋
Automating the generation and validation of SQL/Python code
Kaiya Learnings
Automating the generation of metadata
Kaiya mode in Search
Chart and tab summaries
Getting Started Videos
Getting Started
Tellius Connect
Tellius Data Overview Video
Connecting to Flat Files Video
Connecting to Data Sources Video
Live Connections Video
Data Refresh and Scheduling Video
Tellius Prep
Getting Started with Tellius Prep Video
Transformations, Indicators, Signatures, Aggregations and Filters Video
SQL and Python Video
Working with Dates Video
Data Fusion Video
Business View Video
Business Mapping Video
Report Level Calculations Video
Writeback to DB
Natural Language Search
Getting Started with Search Video
How-To Search Video
Customizing Search Results Video
Search Interactions Video
Help Tellius Learn
Explore - Vizpads
Getting Started with Vizpads Video
Creating Vizpads Video
Creating and Configuring Visualizations Video
Viz-Level Interactions Video
Vizpad-Level Interactions Video
Auto Insights
Getting Started with Auto Insights Video
Discovery Insights Video
Segment Insights Video
Trend Insights Video
Comparison Insights Video
Iterate on Insights Video
Tellius Feed Video
Predict - ML Modeling
Getting Started with Predict Video
AutoML Configuration Video
AutoML Leaderboard Video
Point-n-Click Regression Video
Point-n-Click Classification Video
Point-n-Click Clustering Video
Point-n-Click Time Series Video
Point-n-Click PythonML Video
PredictAPI Video
Apply ML Model Video
ML Refresh and Schedule Video
Admin
Best Practices & FAQs
API Documentation
Vizpad APIs
User & user groups APIs
Machine Learning APIs
Fall 2023 (4.3)
Table of Contents
- All Categories
- Data (Connect, Transform, Model)
- Connectors
- Connector Setup
- Snowflake
- Integrating Snowflake with Azure AD via OAuth
Integrating Snowflake with Azure AD via OAuth
Updated by Ramya Priya
The following steps will walk you through the process of integrating Azure Active Directory (Azure AD) with Snowflake for authentication using OAuth.
1. Setting Up a Snowflake OAuth Resource in Azure AD
Sign in to the Microsoft Azure Portal
1.1. App registration for Snowflake OAuth resource
- Navigate to Azure Active Directory.
- Choose App registrations and then select New registration.
- Enter a suitable name. For example, Tellius Snowflake OAuth Resource.
- Under Supported account types, choose Accounts in this organizational directory only (Tellius only - Single Tenant).
1.2 Modifying the API
- Once registered, select Expose an API from the left-hand pane.
- Next to Application ID URI, click on Set. Change the default value (api://<alphanumeric value>) to one of the following and click on Save.
- https://<alphanumeric value>.yourcompany.com (or)
- https://yourcompany.com/<alphanumeric value>
- For example: https://a1a79972-aecd-4b87-b28b-1bcf94aca1bf.xyz.com
Please make sure your domain name is verified in Azure AD. - Remember to note down this URI as it will be used in future steps and is referred to as <SNOWFLAKE_APPLICATION_ID_URI>.
1.3 Adding a new scope
- Click on Add a scope.
- Under Scope name, type session:role-any. This allows Snowflake users to use any role they are granted.
- Opt for both Admin and Users to give consent.
2. Creating a Snowflake OAuth Client App in Azure AD
2.1 App registration for Snowflake OAuth Client
- Again, navigate to Azure Active Directory.
- Choose App Registrations and then New registration.
- Provide a suitable name (for example: Tellius Snowflake OAuth Client) and under Supported account types, choose Accounts in this organizational directory only (Tellius only - Single Tenant).
- Once registered, click on Overview.
- Find the Application (client) ID field and copy the ID. It's denoted as <OAUTH_CLIENT_ID> for future steps.
2.2 Setting up Authentication
- Go to Authentication. Under the Web section, provide the redirect URI in this format: https://<Tellius URL>/dataset/wizard/snowflake.
2.3 Generating Client Secret
- Navigate to Certificates & secrets.
- Click on New client secret and choose a suitable expiry time.
- Copy the secret's value. It will be referred to as <OAUTH_CLIENT_SECRET> in upcoming steps.
2.4 Defining API permissions
- Go to API permissions and select Add a permission.
- Pick My APIs and choose the Snowflake OAuth Resource you set up earlier.
- On the Request API permissions page, check the Delegated permissions box. Then, select the permission related to the scope defined in the application from the list.
- Click on Add permissions.
- Under Configured permissions, select Grant admin consent for Default Directory and click Yes on the confirmation message.
3. Collecting Azure AD OAuth Information
3.1 Accessing OAuth Details
- Navigate back to the Snowflake OAuth Resource App.
- In the Overview section, select Endpoints.
- On the displayed panel, copy the OAuth 2.0 token endpoint (v2) for OpenID Connect metadata and Federation Connect metadata. This will be referred to as <AZURE_AD_OAUTH_TOKEN_ENDPOINT> in subsequent steps.
- The endpoint should be similar to https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token/.
3.2. Gathering OpenID Connect Metadata
- Open the URL for OpenID Connect metadata in a new browser tab.
- Find and copy the value of the "jwks_uri" parameter, which will be referred as <AZURE_AD_JWS_KEY_ENDPOINT> in the subsequent steps.
- The endpoint should be similar to https://login.microsoftonline.com/<tenant_id>/discovery/v2.0/keys.
3.3. Fetching Federation Metadata
- Launch the URL for the Federation metadata document in a new browser tab.
- In the displayed XML, locate the "entityID" parameter in the XML Root Element and copy its value. This will be referred to as <AZURE_AD_ISSUER> in the subsequent steps.
- The entityID value should be similar to https://sts.windows.net/<tenant_id>/.
The OAuth 2.0 authorization endpoint (v2) should be similar to https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize which will be referred as <AZURE_AD_OAUTH_AUTH_ENDPOINT>
4. Configuring the OAuth Authorization server on Snowflake
- The following are the required values for configuring Snowflake to create a security integration and connect to Azure AD:
- AZURE_AD_ISSUER - Refer this section
- AZURE_AD_JWS_KEY_ENDPOINT - Refer this section
- SNOWFLAKE_APPLICATION_ID_URI - Refer this section
- Mapping Attribute - 'EMAIL_ADDRESS' or 'LOGIN_NAME'
- Azure AD uses the email address as the username. If Snowflake has the same email set as the login name, any of these attributes can be used.
- To allow Snowflake to utilize the OAuth tokens from Azure AD, execute the following command:
create security integration external_oauth_azure
type = external_oauth
enabled = true
external_oauth_type = azure
external_oauth_issuer = '<AZURE_AD_ISSUER>'
external_oauth_jws_keys_url = '<AZURE_AD_JWS_KEY_ENDPOINT>'
external_oauth_audience_list = ('<SNOWFLAKE_APPLICATION_ID_URI>')
external_oauth_token_user_mapping_claim = 'upn'
external_oauth_any_role_mode = 'ENABLE'
external_oauth_snowflake_user_mapping_attribute = 'EMAIL_ADDRESS';
5. Configuring in Tellius
In Tellius, navigate to Data --> Connect --> Snowflake --> OAuth.
Under Authentication type, choose Azure AD from the dropdown.
Snowflake URL - URL of Snowflake account (without "https://")
User - The username or service account, (For example, Snowflake user email)
Client ID - Copy and paste the <OAUTH_CLIENT_AD> from this section
Client secret - Copy and paste the <OAUTH_CLIENT_SECRET> from this section
Authorization URL - Copy and paste the <AZURE_AD_OAUTH_AUTH_ENDPOINT> from this section
Access token URL - Copy and paste the <AZURE_AD_OAUTH_TOKEN_ENDPOINT> from this section
Scope - The permissions being requested, (for example"user.read" or a custom scope related to Snowflake
Role - Enter the role to be used for accessing Snowflake
Datasource Name - Specify the name of the datasource