Integrating Snowflake with Okta via OAuth
This guide will walk you through the steps to integrate Okta with Tellius for Snowflake.
Start by navigating to your Okta Admin page.
Navigate to Applications from the main menu.
Select Applications from the dropdown and click on Create App Integration.
From the available options, choose OIDC - OpenID Connect --> Web Application.
In the Grant type options, click on all the available checkboxes and specify the necessary redirect URL(s). More than one URL can be specified.
Under Assignments, select the Allow everyone in your organization to access option.
Click on Save.
After saving, open the application you just created.
Note down the Client ID and Client Secret for future reference.
Navigate to Security from the main menu.
Select API -> default.
Click on Metadata URI. A new window will pop up.
Note down the following details from the output and close the window:
issuer
authorization_endpoint
token_endpoint
jwks_uri
Go to the Scopes tab and create a new scope named session:role-any.
Click on Implicit for User consent.
Under Metadata, select the Include in public metadata option.
Navigate to Claims and add a new claim called tellius_email.
Open a new browser tab and access the User Settings.
Update the secondary email to snowflake.serviceaccount@tellius.com.
Return to the previous browser tab and navigate to Token Preview. Validate the token to ensure it contains the tellius_email value set as the secondary email.
Switch to your Snowflake console and execute the following commands:
Replace <OAUTH_ISSUER> and <KEYS_URI> with the values you noted down earlier.
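The Snowflake side of this setup, shown here as an added example and not as the guide's own command block: it registers Okta as an External OAuth provider using the two placeholders the guide names, <OAUTH_ISSUER> and <KEYS_URI>. Everything else is an assumption: the integration name, the audience placeholder, and mapping the tellius_email claim created above to the Snowflake user's email address.

```sql
-- Added example: register Okta as an External OAuth provider for Snowflake.
-- Creating a security integration needs ACCOUNTADMIN (or a role granted CREATE INTEGRATION).
USE ROLE ACCOUNTADMIN;

CREATE OR REPLACE SECURITY INTEGRATION okta_external_oauth   -- assumed name
  TYPE = EXTERNAL_OAUTH
  ENABLED = TRUE
  EXTERNAL_OAUTH_TYPE = OKTA
  -- issuer from the Okta metadata; tokens whose iss claim differs are rejected
  EXTERNAL_OAUTH_ISSUER = '<OAUTH_ISSUER>'
  -- jwks_uri from the Okta metadata; Snowflake fetches Okta's signing keys here
  EXTERNAL_OAUTH_JWS_KEYS_URL = '<KEYS_URI>'
  -- audience Okta places in the token's aud claim; placeholder, take it from the
  -- authorization server settings so tokens minted for other audiences are refused
  EXTERNAL_OAUTH_AUDIENCE_LIST = ('<OKTA_AUDIENCE>')
  -- assumption: map the custom tellius_email claim to the Snowflake user's email;
  -- the mapped user must have its EMAIL property set to the claim's value
  EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM = 'tellius_email'
  EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE = 'EMAIL_ADDRESS'
  -- required so a token carrying the session:role-any scope can select any
  -- role already granted to that user (it grants nothing beyond existing grants)
  EXTERNAL_OAUTH_ANY_ROLE_MODE = 'ENABLE';

-- Review the stored settings before handing the integration to the client.
DESCRIBE SECURITY INTEGRATION okta_external_oauth;

-- Confirm Snowflake accepts a token minted by Okta: paste an access token from
-- the Token Preview step in place of the placeholder. The check validates the
-- signature, issuer, audience and user mapping without opening a session.
SELECT SYSTEM$VERIFY_EXTERNAL_OAUTH_TOKEN('<ACCESS_TOKEN>');
```

If the verification call reports a mapping failure, compare the tellius_email value shown in Token Preview with the EMAIL of the Snowflake user before changing anything else.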
With the above configurations completed, you're all set to connect to Tellius.
In Tellius, navigate to Data --> Connect --> Create new --> Snowflake --> OAuth.
Select Okta as the Authorization type from the dropdown.
For the remaining fields, enter the details as follows:
Snowflake URL: telliuspartner.snowflakecomputing.com
User: TELLIUS_PROD_TESTING
Client ID: (Use the Client ID from this section)
Client Secret: (Use the Client Secret from this section)
Authorization URL: (Use the authorization_endpoint from this section)
Access Token URL: (Use the token_endpoint from this section)
Scope: offline_access session:role-any