Create an OAuth security integration
A custom OAuth security integration registers StackOne as an OAuth client in your Snowflake account and pre-authorizes the role your users will connect with.
Sign in to Snowflake
Sign in to your Snowflake account.
- In the left sidebar, go to Projects > Workspaces.
- Click + Add new to create a new SQL worksheet.
Create the security integration
Run the following SQL, replacing <integration_name> with a name of your choice (e.g., STACKONE_OAUTH) and <role_name> with the Snowflake role your users will authorize with.
OAUTH_REFRESH_TOKEN_VALIDITYis in seconds — 7776000 equals 90 days- The role in
PRE_AUTHORIZED_ROLES_LISTmust exactly match the Snowflake Role field. - Example: if your users connect with the
SYSADMINrole, usePRE_AUTHORIZED_ROLES_LIST = ('SYSADMIN')and enterSYSADMINas the Snowflake Role - To find a role: your current role is shown next to your username in the bottom-left corner of Snowsight (e.g.,
ACCOUNTADMIN). Note that ACCOUNTADMIN, SECURITYADMIN, ORGADMIN, and GLOBALORGADMIN are blocked for OAuth — pick a non-blocked role such asSYSADMIN
Retrieve your OAuth client credentials
Snowflake generates the client credentials when the integration is created; they are retrieved with a system function rather than shown in the UI.
Fetch the client credentials
In the same worksheet, run the following SQL, replacing <INTEGRATION_NAME> with your integration name in uppercase, wrapped in single quotes.
Creating the StackOne Connector Profile
To create the Connector Profile in StackOne for Snowflake:Navigate to Connector Profiles
Create New Connector Profile
- Click + Connector Profile
- Search for and select Snowflake
- Select Type as OAuth 2.0
- Fill out the fields using details retrieved from your provider:
- OAuth Client ID
- OAuth Client Secret
- Snowflake Role
- (Optional) Select Actions to be enabled for this Connector Profile
- Click Create profile