> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackone.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Snowflake OAuth 2.0 connector profile – StackOne setup guide

> Set up the OAuth 2.0 connector profile for Snowflake in StackOne. One-time admin setup required before your users can link Snowflake accounts via Hub.

<Warning>ACCOUNTADMIN role (or a role with the global CREATE INTEGRATION privilege) is required to create the OAuth security integration. Note: ACCOUNTADMIN, SECURITYADMIN, ORGADMIN, and GLOBALORGADMIN are blocked from OAuth by default and cannot be used as the Snowflake Role.</Warning>

<section data-guide-section data-guide-scopes="">
  <h2>Create an OAuth security integration</h2>

  <p>A custom OAuth security integration registers StackOne as an OAuth client in your Snowflake account and pre-authorizes the role your users will connect with.</p>

  <Steps>
    <Step title="Sign in to Snowflake">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Sign in to your <a href="https://app.snowflake.com" target="_blank" rel="noopener noreferrer">Snowflake account</a>.</p>

        <ul>
          <li>In the left sidebar, go to <strong>Projects</strong> > <strong>Workspaces</strong>.</li>
          <li>Click <strong>+ Add new</strong> to create a new SQL worksheet.</li>
        </ul>
      </div>
    </Step>

    <Step title="Create the security integration">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Run the following SQL, replacing `<integration_name>` with a name of your choice (e.g., `STACKONE_OAUTH`) and `<role_name>` with the Snowflake role your users will authorize with.</p>

        ```sql theme={null}
        CREATE SECURITY INTEGRATION <integration_name>
          TYPE = OAUTH
          OAUTH_CLIENT = CUSTOM
          OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
          OAUTH_REDIRECT_URI = 'https://api.stackone.com/connect/oauth2/snowflake/callback'
          ENABLED = TRUE
          OAUTH_ISSUE_REFRESH_TOKENS = TRUE
          OAUTH_REFRESH_TOKEN_VALIDITY = 7776000
          PRE_AUTHORIZED_ROLES_LIST = ('<role_name>');
        ```

        <ul>
          <li>`OAUTH_REFRESH_TOKEN_VALIDITY` is in seconds — 7776000 equals 90 days</li>
          <li>The role in `PRE_AUTHORIZED_ROLES_LIST` must exactly match the <strong>Snowflake Role</strong> field.</li>
          <li>Example: if your users connect with the `SYSADMIN` role, use `PRE_AUTHORIZED_ROLES_LIST = ('SYSADMIN')` and enter `SYSADMIN` as the <strong>Snowflake Role</strong></li>
          <li>To find a role: your current role is shown next to your username in the bottom-left corner of Snowsight (e.g., `ACCOUNTADMIN`). Note that ACCOUNTADMIN, SECURITYADMIN, ORGADMIN, and GLOBALORGADMIN are blocked for OAuth — pick a non-blocked role such as `SYSADMIN`</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Retrieve your OAuth client credentials</h2>

  <p>Snowflake generates the client credentials when the integration is created; they are retrieved with a system function rather than shown in the UI.</p>

  <Steps>
    <Step title="Fetch the client credentials">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>In the same worksheet, run the following SQL, replacing `<INTEGRATION_NAME>` with your integration name in uppercase, wrapped in single quotes.</p>

        ```sql theme={null}
        SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('<INTEGRATION_NAME>');
        ```
      </div>
    </Step>

    <Step title="Copy your credentials">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>The result is a JSON object containing your client credentials. Store them securely for use later.</p>

        <ul>
          <li>`oauth_client_id` is your <strong>OAuth Client ID</strong></li>
          <li>`oauth_client_secret` is your <strong>OAuth Client Secret</strong></li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

## Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for <strong>Snowflake</strong>:

<Steps>
  <Step title="Navigate to Connector Profiles">
    Login to StackOne and navigate to [Connector Profiles](https://app.stackone.com/connector_profiles)
  </Step>

  <Step title="Create New Connector Profile">
    <ul>
      <li>Click <strong>+ Connector Profile</strong></li>
      <li>Search for and select <strong>Snowflake</strong></li>
      <li>Select <strong>Type</strong> as <strong>OAuth 2.0</strong></li>

      <li>
        Fill out the fields using details retrieved from your provider:

        <ul style={{ marginLeft: '20px' }}>
          <li><strong>OAuth Client ID</strong></li>
          <li><strong>OAuth Client Secret</strong></li>
          <li><strong>Snowflake Role</strong></li>
        </ul>
      </li>

      <li>(Optional) Select <strong>Actions</strong> to be enabled for this Connector Profile</li>
      <li>Click <strong>Create profile</strong></li>
    </ul>
  </Step>
</Steps>

Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to <a href="/guides/accounts-section#linking-accounts">Link Accounts</a> for <strong>Snowflake</strong>.
