External OAuth for Snowflake¶
The ability to set up external identity providers for Snowflake is off by default. Contact your DataRobot representative or administrator for information on enabling the feature.
Feature flag: Enables External Identity Providers for Snowflake SSO
Now available for public preview, you can set up Snowflake data connections using an external identity provider (IdP)—either Okta or Azure Active Directory— for user authentication through OAuth single sign-on (SSO). Identity providers create and maintain identity information and provide authentication services to other applications, allowing a user to securely access applications without creating new passwords or usernames.
There are two ways to add external IdP credentials for a Snowflake data connection—by testing a new data connection or on the Credentials Management page. Select a tab below to learn how to set up External OAuth for Snowflake:
To create a new Snowflake data connection using external IdP parameters:
- Navigate to User Settings > Data Connections.
- Create a new Snowflake data connection.
- Test the data connection.
In the Test Data Connection window, select your OAuth provider from the dropdown—either Okta or Azure AD— and fill in the additional required fields.
To finish setup, follow the remaining instructions for Snowflake data connections with OAuth.
To add stored credentials for an external IdP:
External IdP parameters¶
The table below describes the additional required fields to connect to Okta or Azure AD:
|IssuerURL||The IdP that DataRobot will use to redirect users for authorization.|
|Scope||Used during the token acquisition process and must be pre-configured in Snowflake.|
The following are examples of
<client_app_id> in an Azure AD Scope:
Reach out to your administrator for the appropriate values for these fields.