Getting started
Working with files
Connecting to data sources
Coding and analysis tools
Collaboration
Security and privacy
Deepnote for education
Additional resources
Snowflake OAuth
Deepnote allows each user to authenticate to Snowflake using their own credentials.
Available on the Enterprise plan
Greater security with Snowflake OAuth
With Snowflake OAuth you can give every member of your Deepnote workspace their own set of credentials. You can ensure higher security by using short-lived tokens and enabling the use of multi-factor authentication. Follow the principle of least privilege and use granular access control for various Snowflake resources to ensure everyone can only access the data they need.
The integration leverages Snowflake's built-in OAuth service to provide the authentication using a custom client integration.
To use Snowflake OAuth, you require SYSADMIN
or SECURITYADMIN
privileges in Snowflake.
Creating the integration
This section provides step by step instructions for setting up Snowflake OAuth authentication for use in Deepnote.
-
Please navigate to the Snowflake console (i.e., Snowsight) and create a security integration by running this code:
create security integration oauth_deepnote type=oauth enabled=true oauth_client=CUSTOM oauth_client_type='CONFIDENTIAL' oauth_redirect_uri='https://deepnote.com/auth/snowflake/native-callback' oauth_issue_refresh_tokens=true oauth_refresh_token_validity=86400;
-
Run the following code and note the Client ID returned in the output. We will refer to it as
OAUTH_CLIENT_ID
in the following steps.describe security integration oauth_deepnote;
-
Run the following code to print the Client Secret. We will refer to it as
OAUTH_CLIENT_SECRET
in subsequent steps.select system$show_oauth_client_secrets('OAUTH_DEEPNOTE');
-
After heading back to Deepnote, create a Snowflake integration as described in our main Snowflake docs.
-
Select Snowflake OAuth as the authentication method and enter your
OAUTH_CLIENT_ID
andOAUTH_CLIENT_SECRET
into the Client ID and Client Secret fields, respectively. -
Lastly, click "Create integration".
- If you leave the Role empty, Snowflake will use the default role assigned to each user. If you enter a role, Deepnote will use that role when signing in every user using OAuth.
- Snowflake doesn’t allow the following roles to log in via OAuth:
ACCOUNTADMIN
,ORGADMIN
,SECURITYADMIN
. Make sure you assign a different role to users when using this authentication method.
Using the the Snowflake OAuth integration
- User authentication is also required to browse the Snowflake schema.
- Scheduling a project with Snowflake OAuth is not supported since it requires an interactive authentication flow. To use scheduling, create a Snowflake integration with username and password as the authentication method.