How can we help?

Snowflake Integration

Uri Nativ
Uri Nativ
  • Updated

Overview

  • Torii integrates with Snowflake and syncs the Users' data: email, first name, last name, role, status, license status, creation time in-app, and last visit time.
  • Torii can support multiple Snowflake accounts.

Step 1: Create an OAuth Security Integration in Snowflake 

This step must be done by someone with ACCOUNTADMIN role in Snowflake.

Run the following SQL command to create an OAuth security integration:

CREATE OR REPLACE SECURITY INTEGRATION TORII
TYPE = oauth
ENABLED = true
OAUTH_CLIENT = custom
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = 'https://api.toriihq.com/api/auth/snowflake/callback'
OAUTH_ISSUE_REFRESH_TOKENS = TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;

* The number 7776000 above is the token expiry time in seconds (90 days).

💡 You can set the number to 31622400 (366 days) if you have requested Snowflake support to extend the expiration period from 90 days to a year. For more details, refer to the FAQ section below.

 

To allow the SYSADMIN role full access to manage the integration, including modifying, using, and viewing its configuration, run the following command:

GRANT ALL ON INTEGRATION TORII TO SYSADMIN

After creating the OAuth security integration, run this command to retrieve the necessary information about the security integration, adding the chosen integration name between the quote marks (must be in all capital letters):

SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('TORII');

The output will look like the following:

{"OAUTH_CLIENT_SECRET_2":".......","OAUTH_CLIENT_SECRET":".......","OAUTH_CLIENT_ID":"........"}

Copy and save the text found between the quotes following "OAUTH_CLIENT_SECRET" and "OAUTH_CLIENT_ID" — excluding the quotes. These are the "Client Secret" and "Client Id," which you will need for step 3 below.

 

Step 2: Gather Additional Required Information in Snowflake

The 'Base Url' for Snowflake is also necessary. Execute the following SQL command:

DESCRIBE SECURITY INTEGRATION TORII;

Look for the line with the OAUTH_AUTHORIZATION_ENDPOINT property and copy the URL from the property_value that ends in .com.

For example, if the endpoint is `https://eva12345.snowflakecomputing.com/oauth/authorize`, the 'Base Url' would be `https://eva12345.snowflakecomputing.com`.

Step 3: Connect Snowflake to Torii

Now you should have the following Snowflake information required to connect Snowflake to Torii:

  1. Client ID
  2. Client Secret
  3. Base Url
  •  

To connect Snowflake to Torii, Ensure that the person who connects the app will have the default role: SYSADMIN, then follow these steps:

  1. Go to Torii's Integrations page and click the Snowflake tile
  2. Click Connect
  3. In the Connect Snowflake window, enter the Client ID & Client Secret
  4. Enter the Base Url
  5. Click Continue
    mceclip0.png
  6. The "Test Connection" window will display, generating the connection test.
    Click Connect to continue.
    mceclip1.png
  7. Once the integration is connected and synced, it will display a green checkbox.

     

FAQ

Can I Increase Token Expiry Time Beyond 90 Days?

By default, Snowflake sets OAuth authorizations to expire after 90 days. Once expired, your integration will cease functioning and you must re-establish the connection with Torii.

A Snowflake account administrator may extend the expiration period from 90 days to up to a year by submitting a request to Snowflake Support.

Connections that are already established will expire after the standard 90 days. However, connections that are new or re-established after the extension request has been processed will have an extended duration of one year.

Once Snowflake support has approved the increased limit for your account, execute the following command to extend the token expiration to 366 days:

ALTER SECURITY INTEGRATION TORII
SET OAUTH_REFRESH_TOKEN_VALIDITY = 31622400;

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request