Integrating Snowflake with Azure AD via OAuth


Last updated 4 months ago


The following steps will walk you through the process of integrating Azure Active Directory (Azure AD) with Snowflake for authentication using OAuth.

1. Setting Up a Snowflake OAuth Resource in Azure AD

Sign in to the Microsoft Azure Portal.

1.1. App registration for Snowflake OAuth resource

  • Navigate to Azure Active Directory.

  • Choose App registrations and then select New registration.

  • Enter a suitable name. For example, Tellius Snowflake OAuth Resource.

  • Under Supported account types, choose Accounts in this organizational directory only (Tellius only - Single Tenant).

1.2 Modifying the API

  • Once registered, select Expose an API from the left-hand pane.

  • Next to Application ID URI, click on Set. Change the default value (api://<alphanumeric value>) to one of the following and click on Save.

    • https://<alphanumeric value>.yourcompany.com (or)

    • https://yourcompany.com/<alphanumeric value>

  • For example: https://a1a79972-aecd-4b87-b28b-1bcf94aca1bf.xyz.com

  • Please make sure your domain name is verified in Azure AD.

  • Remember to note down this URI as it will be used in future steps and is referred to as <SNOWFLAKE_APPLICATION_ID_URI>.

1.3 Adding a new scope

  • Click on Add a scope.

  • Under Scope name, type session:role-any. This allows Snowflake users to use any role they are granted.

  • Opt for both Admin and Users to give consent.

2. Creating a Snowflake OAuth Client App in Azure AD

2.1 App registration for Snowflake OAuth Client

  • Again, navigate to Azure Active Directory.

  • Choose App Registrations and then New registration.

  • Provide a suitable name (for example: Tellius Snowflake OAuth Client) and under Supported account types, choose Accounts in this organizational directory only (Tellius only - Single Tenant).

  • Once registered, click on Overview.

  • Find the Application (client) ID field and copy the ID. It's denoted as <OAUTH_CLIENT_ID> for future steps.

2.2 Setting up Authentication

  • Go to Authentication. Under the Web section, provide the redirect URI in this format: https://<Tellius URL>/dataset/wizard/snowflake.

2.3 Generating Client Secret

  • Navigate to Certificates & secrets.

  • Click on New client secret and choose a suitable expiry time.

  • Copy the secret's value. It will be referred to as <OAUTH_CLIENT_SECRET> in upcoming steps.

2.4 Defining API permissions

  • Go to API permissions and select Add a permission.

  • Pick My APIs and choose the Snowflake OAuth Resource you set up earlier.

  • On the Request API permissions page, check the Delegated permissions box. Then, select the permission related to the scope defined in the application from the list.

  • Click on Add permissions.

  • Under Configured permissions, select Grant admin consent for Default Directory and click Yes on the confirmation message.

3. Collecting Azure AD OAuth Information

3.1 Accessing OAuth Details

  • Navigate back to the Snowflake OAuth Resource App.

  • In the Overview section, select Endpoints.

  • On the displayed panel, copy the OAuth 2.0 token endpoint (v2), and note the URLs for OpenID Connect metadata and the Federation metadata document. The token endpoint will be referred to as <AZURE_AD_OAUTH_TOKEN_ENDPOINT> in subsequent steps.

  • The endpoint should be similar to https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token/.

3.2. Gathering OpenID Connect Metadata

  • Open the URL for OpenID Connect metadata in a new browser tab.

  • Find and copy the value of the "jwks_uri" parameter, which will be referred to as <AZURE_AD_JWS_KEY_ENDPOINT> in the subsequent steps.

  • The endpoint should be similar to https://login.microsoftonline.com/<tenant_id>/discovery/v2.0/keys.

3.3. Fetching Federation Metadata

  • Launch the URL for the Federation metadata document in a new browser tab.

  • In the displayed XML, locate the "entityID" parameter in the XML Root Element and copy its value. This will be referred to as <AZURE_AD_ISSUER> in the subsequent steps.

4. Configuring the OAuth Authorization server on Snowflake

  1. The following are the required values for configuring Snowflake to create a security integration and connect to Azure AD:

  • AZURE_AD_ISSUER - Refer to section 3.3. The entityID value should be similar to https://sts.windows.net/<tenant_id>/.

  • AZURE_AD_JWS_KEY_ENDPOINT - Refer to section 3.2.

  • SNOWFLAKE_APPLICATION_ID_URI - Refer to section 1.2.

  • Mapping Attribute - 'EMAIL_ADDRESS' or 'LOGIN_NAME'

  • Azure AD uses the email address as the username. If Snowflake has the same email set as the login name, either of these attributes can be used.

  2. To allow Snowflake to utilize the OAuth tokens from Azure AD, execute the following command:

-- Replace each <PLACEHOLDER> with the value collected in the steps above.
create security integration external_oauth_azure
    type = external_oauth
    enabled = true
    external_oauth_type = azure
    external_oauth_issuer = '<AZURE_AD_ISSUER>'
    external_oauth_jws_keys_url = '<AZURE_AD_JWS_KEY_ENDPOINT>'
    external_oauth_audience_list = ('<SNOWFLAKE_APPLICATION_ID_URI>')
    -- Token claim that identifies the user.
    external_oauth_token_user_mapping_claim = 'upn'
    -- Corresponds to the session:role-any scope added in step 1.3.
    external_oauth_any_role_mode = 'ENABLE'
    -- Mapping Attribute: 'EMAIL_ADDRESS' or 'LOGIN_NAME'.
    external_oauth_snowflake_user_mapping_attribute = 'EMAIL_ADDRESS';

5. Configuring in Tellius

In Tellius, navigate to Data --> Connect --> Snowflake --> OAuth.

Under Authentication type, choose Azure AD from the dropdown.

Snowflake URL - URL of the Snowflake account (without "https://")

User - The username or service account (for example, the Snowflake user email)

Scope - The permissions being requested (for example, "user.read" or a custom scope related to Snowflake)

Role - Enter the role to be used for accessing Snowflake

Datasource Name - Specify the name of the datasource

Client ID - Copy and paste the <OAUTH_CLIENT_ID> from section 2.1

Client secret - Copy and paste the <OAUTH_CLIENT_SECRET> from section 2.3

Authorization URL - Copy and paste the <AZURE_AD_OAUTH_AUTH_ENDPOINT> from the Endpoints panel (section 3.1). The OAuth 2.0 authorization endpoint (v2) should be similar to https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize.

Access token URL - Copy and paste the <AZURE_AD_OAUTH_TOKEN_ENDPOINT> from section 3.1
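When the connection fails after all five steps, it helps to compare the claims in an Azure AD access token with the values given to the security integration in step 4. The following is an added example, not part of the Tellius documentation: it decodes a token's payload and reports which of the issuer, audience, mapping claim, and scope do not match. The tenant ID, user name, and token are constructed sample values, and the signature is not verified here, since Snowflake does that itself using the JWS keys URL.

```python
import base64
import json

# Constructed sample values; replace with the values collected in steps 1.2 and 3.3.
TENANT = "00000000-0000-0000-0000-000000000000"
ISSUER = f"https://sts.windows.net/{TENANT}/"                      # <AZURE_AD_ISSUER>
AUDIENCE = "https://a1a79972-aecd-4b87-b28b-1bcf94aca1bf.xyz.com"  # example URI from step 1.2

def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token(token, issuer, audience_list, mapping_claim="upn",
                required_scope="session:role-any"):
    """Return {claim: reason} for each claim that does not match the integration settings."""
    claims = decode_claims(token)
    problems = {}
    if claims.get("iss") != issuer:  # exact string comparison, trailing slash included
        problems["iss"] = f"{claims.get('iss')!r} != external_oauth_issuer"
    aud = claims.get("aud")
    if not set(aud if isinstance(aud, list) else [aud]) & set(audience_list):
        problems["aud"] = f"{aud!r} not in external_oauth_audience_list"
    if not claims.get(mapping_claim):
        problems[mapping_claim] = "mapping claim missing from token"
    if required_scope not in str(claims.get("scp", "")).split():
        problems["scp"] = f"scope {required_scope!r} from step 1.3 not present"
    return problems

def sample_token(**overrides) -> str:
    """Build a constructed token with a placeholder signature, for the demo only."""
    claims = {"iss": ISSUER, "aud": AUDIENCE, "upn": "analyst@xyz.com",
              "scp": "session:role-any", **overrides}
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    print(check_token(sample_token(), ISSUER, [AUDIENCE]))
    wrong = sample_token(iss=f"https://login.microsoftonline.com/{TENANT}/v2.0",
                         upn=None, scp="user.read")
    print(check_token(wrong, ISSUER, [AUDIENCE]))
```

An empty result means the four claims line up with the integration; any key in the result names the setting to revisit in Azure AD or in the `create security integration` statement.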
