Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update set-up-snowflake-oauth.md #6104

Merged
merged 4 commits into from
Sep 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 8 additions & 12 deletions website/docs/docs/cloud/manage-access/set-up-snowflake-oauth.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ This guide describes a feature of the dbt Cloud Enterprise plan. If you’re int

:::

dbt Cloud Enterprise supports [OAuth authentication](https://docs.snowflake.net/manuals/user-guide/oauth-intro.html) with Snowflake. When Snowflake OAuth is enabled, users can authorize their Development credentials using Single Sign On (SSO) via Snowflake rather than submitting a username and password to dbt Cloud. If Snowflake is setup with SSO through a third-party identity provider, developers can use this method to log into Snowflake and authorize the dbt Development credentials without any additional setup.
dbt Cloud Enterprise supports [OAuth authentication](https://docs.snowflake.net/manuals/user-guide/oauth-intro.html) with Snowflake. When Snowflake OAuth is enabled, users can authorize their Development credentials using Single Sign On (SSO) via Snowflake rather than submitting a username and password to dbt Cloud. If Snowflake is set up with SSO through a third-party identity provider, developers can use this method to log into Snowflake and authorize the dbt Development credentials without any additional setup.

To set up Snowflake OAuth in dbt Cloud, admins from both are required for the following steps:
1. [Locate the redirect URI value](#locate-the-redirect-uri-value) in dbt Cloud.
Expand All @@ -22,10 +22,10 @@ To use Snowflake in the dbt Cloud IDE, all developers must [authenticate with Sn
### Locate the redirect URI value

To get started, copy the connection's redirect URI from dbt Cloud:
1. Navigate to **Account settings**
1. Select **Projects** and choose a project from the list
1. Select the connection to view its details abd set the **OAuth method** to "Snowflake SSO"
1. Copy the **Redirect URI** for use in later steps
1. Navigate to **Account settings**.
1. Select **Projects** and choose a project from the list.
1. Select the connection to view its details and set the **OAuth method** to "Snowflake SSO".
1. Copy the **Redirect URI** to use in the later steps.

<Lightbox
src="/img/docs/dbt-cloud/dbt-cloud-enterprise/snowflake-oauth-redirect-uri.png"
Expand All @@ -37,11 +37,7 @@ To get started, copy the connection's redirect URI from dbt Cloud:

In Snowflake, execute a query to create a security integration. Please find the complete documentation on creating a security integration for custom clients [here](https://docs.snowflake.net/manuals/sql-reference/sql/create-security-integration.html#syntax).

In the following `CREATE OR REPLACE SECURITY INTEGRATION` example query, replace `<REDIRECT_URI>` with the [appropriate Access URL](/docs/cloud/about-cloud/access-regions-ip-addresses) for your region and plan. You can find this in dbt Cloud by:
- Navigating to **Account settings** and then **Connections**.
- Click on the Snowflake connection.
- Copy the URL under **Redirect URI**.
<Lightbox src="/img/docs/dbt-cloud/access-control/oauth-connections.jpg" width="70%" title="Copy the 'Redirect URI' URL in dbt Cloud and replace it in the 'REDIRECT_URI' field." />
In the following `CREATE OR REPLACE SECURITY INTEGRATION` example query, replace `<REDIRECT_URI>` value with the Redirect URI (also referred to as the [access URL](/docs/cloud/about-cloud/access-regions-ip-addresses)) copied in dbt Cloud. To locate the Redirect URI, refer to the previous [locate the redirect URI value](#locate-the-redirect-uri-value) section.

```
CREATE OR REPLACE SECURITY INTEGRATION DBT_CLOUD
Expand Down Expand Up @@ -94,11 +90,11 @@ Enter the Client ID and Client Secret into dbt Cloud to complete the creation of

<Lightbox src="/img/docs/dbt-cloud/dbt-cloud-enterprise/database-connection-snowflake-oauth.png" title="Configuring Snowflake OAuth credentials in dbt Cloud" />

### Authorize Developer Credentials
### Authorize developer credentials

Once Snowflake SSO is enabled, users on the project will be able to configure their credentials in their Profiles. By clicking the "Connect to Snowflake Account" button, users will be redirected to Snowflake to authorize with the configured SSO provider, then back to dbt Cloud to complete the setup process. At this point, users should now be able to use the dbt IDE with their development credentials.

### SSO OAuth Flow Diagram
### SSO OAuth flow diagram

<Lightbox src="/img/docs/dbt-cloud/dbt-cloud-enterprise/84427818-841b3680-abf3-11ea-8faf-693d4a39cffb.png" title="SSO OAuth flow diagram" />

Expand Down
Binary file not shown.
Loading