Integrating Snowflake with Okta via OAuth

Integrate Okta with Tellius for Snowflake using OIDC. Follow this guide to configure apps, scopes, claims, and OAuth settings for secure authentication.

This guide will walk you through the steps to integrate Okta with Tellius for Snowflake.

1. Navigating to the Okta Admin Page

Start by navigating to your Okta Admin page.

2. Creating a New Application

Navigate to Applications from the main menu.
Select Applications from the dropdown and click on Create App Integration.

3. Configuring Application Settings

From the available options, choose OIDC - OpenID Connect --> Web Application.
In the Grant type options, click on all the available checkboxes and specify the necessary redirect URL(s). More than one URL can be specified.

4. Assignments and Saving

Under Assignments, click on Allow everyone in your organization to access option.
Click on Save.

5. Getting Client ID and Secret

After saving, open the application you just created.
Note down the Client ID and Client Secret for future reference.

6. Setting Up Security API

Navigate to Security from the main menu.
Select API -> default.

Click on Metadata URI. A new window will pop up.

Note down the following details from the output and close the window:
- issuer
- authorization_endpoint
- token_endpoint
- jwks_uri

7. Configuring Scopes and Claims

Go to the Scopes tab and create a new scope named session:role-any.
Click on Implicit for User consent.
Under Metadata, click on the Include in public metadata

Navigate to Claims and add a new claim called tellius_email.

8. Updating User Settings

Open a new browser tab and access the User Settings.
Update the secondary email to [email protected].
Return to the previous browser tab and navigate to Token Preview. Validate the token to ensure it contains the tellius_email value set as the secondary email.

9. Configuring Snowflake Console

Switch to your Snowflake console and execute the following commands:

create security integration external_oauth_okta
    type = external_oauth
    enabled = true
    external_oauth_type = okta
    external_oauth_any_role_mode = 'ENABLE'
    external_oauth_issuer = '<OAUTH_ISSUER>'
    external_oauth_jws_keys_url = '<KEYS_URI>'
    external_oauth_audience_list = ('api://default')
    external_oauth_token_user_mapping_claim = 'tellius_email'
    external_oauth_snowflake_user_mapping_attribute = 'EMAIL_ADDRESS';

Replace <OAUTH_ISSUER> and <KEYS_URI> with the values you noted down earlier.

10. Connecting to Tellius

With the above configurations completed, you're all set to connect to Tellius.
In Tellius, navigate to Data --> Connect --> Create new --> Snowflake --> OAuth.
Select Okta as the Authorization type from the dropdown.
For the remaining fields, enter the details as follows:

Snowflake URL: telliuspartner.snowflakecomputing.com
User: TELLIUS_PROD_TESTING
Client ID: (Use the Client ID from this section)
Client Secret: (Use the Client Secret from this section)
Authorization URL: (Use the authorization_endpoint from this section)
Access Token URL: (Use the token_endpoint from this section)
Scope: offline_access session:role-any

PreviousIntegrating Snowflake with Azure AD via OAuth NextAzure PrivateLink

Was this helpful?

hashtag1. Navigating to the Okta Admin Page

hashtag2. Creating a New Application

hashtag3. Configuring Application Settings

hashtag4. Assignments and Saving

hashtag5. Getting Client ID and Secret

hashtag6. Setting Up Security API

hashtag7. Configuring Scopes and Claims

hashtag8. Updating User Settings

hashtag9. Configuring Snowflake Console

hashtag10. Connecting to Tellius