Cloud Portal ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
User Community Service Desk Downloads

Snowflake Connection

When you connect to Snowflake, Ataccama ONE profiling jobs run in pushdown in Snowflake by default. It is also possible to configure pushdown processing for DQ evaluation jobs. For more information, see Snowflake Pushdown Processing.

Create a source

To connect to Snowflake:

  1. Navigate to Catalog > Sources.

  2. Select Create.

  3. Provide the following:

    • Name: The source name.

    • Description: A description of the source.

    • Deployment (Optional): Choose the deployment type.

      You can add new values if needed.

    • Stewardship: The source owner and roles. For more information, see Stewardship.

  4. Save your changes to proceed.

You do not always need to create a new data source. You can also add connections to existing sources.

Add a connection

  1. Select Add Connection.

  2. In Select connection type, choose Relational Database > Snowflake.

  3. Provide the following:

    • Name: A meaningful name for your connection. This is used to indicate the location of catalog items.

    • Description (Optional): A short description of the connection.

    • JDBC: A JDBC connection string pointing to the IP address or the URL where the data source can be reached.

      The expected syntax is jdbc:snowflake://<account_identifier>.snowflakecomputing.com/?<connection_params>.

Optionally, enable pushdown processing for DQ evaluation. For more information, see Snowflake Pushdown Processing.

For pushdown processing to function, the credentials added for this connection need to be for a Snowflake user with write permissions, as pushdown processing involves writing into the working database (including creating tables).

  • Select Enable analytical queries if you want to create data visualizations in ONE Reports based on catalog items from this connection.

Add credentials

  1. Select Add Credentials.

  2. Choose an authentication method and proceed with the corresponding step:

Username and password

  1. Select Username and password.

  2. Provide the following:

    • Name: A name for this set of credentials.

    • Description (Optional): A description for this set of credentials.

    • Username: The username for the data source.

    • Password: The password for the data source.

  3. If you want to use this set of credentials by default when connecting to the data source, select Set as default.

    One set of credentials must be set as default for each connection. Otherwise, DQ evaluation fails and previewing data in the catalog is not possible.

  4. Proceed with Test the connection.

Snowflake’s “secure by default” policy means that password-only authentication is not supported for new accounts (from September 30th, 2024): key-pair authentication is required, as per the official Snowflake documentation. Proceed to Key-pair authentication.

Key-pair authentication

  1. Select Key-pair authentication

  2. Provide the following:

    • Name: A name for this set of credentials.

    • Description (Optional): A description for this set of credentials.

    • Private key: Upload your private key.

      For more information on how to generate your private key, see Generate the private key in the official Snowflake documentation.

OAuth credentials

If you are using OAuth 2.0 tokens, you also need to supply the Redirect URL to the data source you’re connecting to. This information is available when configuring the connection.

  1. Select OAuth Credentials.

  2. Provide the following:

    • Name: A name for this set of credentials.

    • Description (Optional): A description for this set of credentials.

    • Redirect URL: This field is predefined and read-only. This URL is required to receive the refresh token and must be provided to the data source you’re integrating with.

    • Client ID: The OAuth 2.0 client ID.

    • Client secret: The client secret used to authenticate to the authorization server.

    • Authorization endpoint: The OAuth 2.0 authorization endpoint of the data source. It is required only if you need to generate a new refresh token.

    • Token endpoint: The OAuth 2.0 token endpoint of the data source. Used to get access to a token or a refresh token.

    • Refresh token valid till (Optional): Manually specify the token validity period.

    • Refresh token: The OAuth 2.0 refresh token. Allows the application to authenticate after the access token has expired without having to prompt the user for credentials.

      Select Generate to create a new token. Once you do this, the expiration date of the refresh token is updated in Refresh token valid till.

  3. If you want to use this set of credentials by default when connecting to the data source, select Set as default.

    One set of credentials must be set as default for each connection. Otherwise, DQ evaluation fails and previewing data in the catalog is not possible.

  4. Proceed with Test the connection.

Entra ID

Entra ID authentication requires an External OAuth security integration in Snowflake and an OAuth application configured in Microsoft Entra ID. If these are not already set up in your environment, contact your Snowflake and Azure administrators, or see Configure Microsoft Entra ID for External OAuth for setup instructions.

  1. Select Entra ID.

  2. Provide the following:

    • Name: A name for this set of credentials.

    • Description (Optional): A description for this set of credentials.

    • Client ID: The application (client) ID from your Entra ID OAuth application registration. This appears as a GUID (for example, 4701c7e7-1178-4006-a1fc-b4c3ee5cfef7) and is found in the Entra ID portal in App registrations > [app name] > Overview.

    • Client secret: The client secret from your Entra ID OAuth application registration. This is created in the Entra ID portal in App registrations > [app name] > Certificates & secrets.

    • Tenant ID: The Azure Active Directory tenant ID where your application is registered. This appears as a GUID (for example, 12345678-1234-1234-1234-123456789012) and is found in the Entra ID portal in App registrations > [app name] > Overview, or in Azure Active Directory > Overview.

    • Application ID URI: The Application ID URI for your Snowflake OAuth resource application. This can be in the format api://<GUID> or <web-resource>; and is configured in Entra ID in App registrations > [OAuth resource app] > Expose an API. The Application ID URI must be unique within your organization’s directory.

  3. If you want to use this set of credentials by default when connecting to the data source, select Set as default.

    One set of credentials must be set as default for each connection. Otherwise, DQ evaluation fails and previewing data in the catalog is not possible.

  4. Proceed with Test the connection.

Add write credentials

Write credentials are required if you want to export data to this source.

To configure these, in Write credentials, select Add Credentials and follow the corresponding step depending on the chosen authentication method (see Add credentials).

Make sure to set one set of write credentials as default. Otherwise, this connection isn’t shown when configuring data export.

Test the connection

To test and verify whether the data source connection has been correctly configured, select Test Connection.

If the connection is successful, continue with the following step. Otherwise, verify that your configuration is correct and that the data source is running.

Save and publish

Once you have configured your connection, save and publish your changes. If you provided all the required information, the connection is now available for other users in the application.

In case your configuration is missing required fields, you can view a list of detected errors instead. Review your configuration and resolve the issues before continuing.

Next steps

You can now browse and profile assets from your connection.

In Catalog > Sources, find and open the source you just configured. Switch to the Connections tab and select Import or run Term detection.

Or, to import or profile only some assets, select Browse on the Connections tab. Choose the assets you want to analyze and then the appropriate profiling option.

Was this page useful?