diff --git a/website/docs/docs/cloud/manage-access/external-oauth.md b/website/docs/docs/cloud/manage-access/external-oauth.md index deb23f36f09..380d0a3d1cc 100644 --- a/website/docs/docs/cloud/manage-access/external-oauth.md +++ b/website/docs/docs/cloud/manage-access/external-oauth.md @@ -267,3 +267,7 @@ app in Entra ID, click **Endpoints** and open the **Federation metadata document 6. `Application ID URI`: Copy the `Application ID URI` field from the resource server’s Overview screen. + +## FAQs + + diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md new file mode 100644 index 00000000000..5d2a2f671c9 --- /dev/null +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -0,0 +1,22 @@ +--- +title: Receiving a `Failed to connect to DB` error when connecting to Snowflake +description: "Edit your OAuth Security integration when you see error" +sidebar_label: 'Receiving `Failed to connect to database` error' +--- + +1. If you see this error: + + ```shell + + Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection, or the default role if none was requested in the connection ('xxxxx'), is not listed in the Access Token or was filtered. + Please specify another role, or contact your OAuth Authorization server administrator. + + ``` + +2. Edit your OAuth Security integration and explicitly specify this scope mapping attribute: + + ```sql +ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp'; +``` + +You can read more about this error in [Snowflake's documentation](https://community.snowflake.com/s/article/external-custom-oauth-error-the-role-requested-in-the-connection-is-not-listed-in-the-access-token).
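Review bot: In the `external-oauth.md` hunk, the new `## FAQs` heading has only blank lines under it, so as shown here the page would render an empty section. Reference the new `failed-snowflake-oauth-connection.md` FAQ beneath the heading, or drop the heading until there is content for it.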
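Review bot: In the new `failed-snowflake-oauth-connection.md`, the statement in step 2, `ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp';`, names no integration, so it will not run if a reader pastes it as written. Add a clearly marked placeholder, for example `ALTER INTEGRATION <your_integration_name> SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp';`, and indent the `sql` fence contents to match the list item as the `shell` block does. Two smaller points in the front matter: `title` says `Failed to connect to DB` while `sidebar_label` says `Failed to connect to database` (the quoted error text uses `DB`), and the `description` reads as a fragment ("when you see error"). Step 1 is also a condition rather than an action, so the numbered list could become a short sentence introducing the error, followed by the fix.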