Snowflake integration

Snowflake is a cloud data platform for data warehousing, data lakes, and data sharing. Integrating Snowflake with Frontegg allows your application to execute SQL queries and access data warehouses on behalf of your users using OAuth 2.0.


Prerequisites

  • A Snowflake account with the ACCOUNTADMIN role (required to create security integrations)

Connect Snowflake

Snowflake OAuth integrations are configured using SQL commands in Snowsight. There is no separate developer portal — you create and manage OAuth clients directly within your Snowflake account.

Step 1: Sign in to Snowsight

Navigate to app.snowflake.com and sign in to your Snowflake account.

[Image: Snowflake Snowsight sign-in page]

Step 2: Open a SQL worksheet

In the left navigation, click Projects. On the Welcome to Workspaces page, click SQL file to create a new SQL worksheet.

[Image: Snowflake Workspaces page with SQL file button highlighted]

Step 3: Create a security integration

In the SQL worksheet, enter the following command. Replace FRONTEGG_INTEGRATION with your preferred integration name:

CREATE SECURITY INTEGRATION FRONTEGG_INTEGRATION
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  -- Replace YOUR_MCP_GATEWAY_URL with the host of your MCP gateway
  OAUTH_REDIRECT_URI = 'https://YOUR_MCP_GATEWAY_URL/integration-callback'
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;  -- in seconds (90 days)

Click Run selected to execute the command.

[Image: Snowflake SQL worksheet with CREATE SECURITY INTEGRATION command]

Step 4: Verify the integration was created

After running the command, the results panel shows a confirmation message.

[Image: Snowflake integration creation success message]

Step 5: Copy your credentials

Run the following query to retrieve your OAuth client credentials:

SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('FRONTEGG_INTEGRATION');

The result is a JSON object containing:

| Field | Description |
|---|---|
| OAUTH_CLIENT_ID | Your Client ID |
| OAUTH_CLIENT_SECRET | Your primary Client Secret |
| OAUTH_CLIENT_SECRET_2 | A secondary Client Secret (backup) |

Copy your Client Secret now

Copy your Client Secret and store it in a secure location. If you lose it, you must delete the integration and create a new one.

[Image: Snowflake client credentials query results]

Configure the Frontegg portal

Once you have obtained your credentials, configure the integration in the Frontegg portal:

  1. Open the Frontegg portal and navigate to [ENVIRONMENT] → Integrations → Snowflake.
  2. Enter your Snowflake account identifier — the subdomain of your Snowflake URL. For example, if your URL is https://xy12345.snowflakecomputing.com, your account identifier is xy12345.
  3. Enter the Client ID and Client Secret from the query results.
  4. Select the required scopes:

     | Scope | Description |
     |---|---|
     | session:role:ACCOUNTADMIN | Access Snowflake using the ACCOUNTADMIN role |

Role restrictions

The ACCOUNTADMIN, SECURITYADMIN, and other admin roles are blocked from OAuth by default in Snowflake. To use session:role:ACCOUNTADMIN, contact Snowflake Support to remove it from the blocked roles list. Alternatively, use a custom role with the required permissions and set the scope to session:role:YOUR_CUSTOM_ROLE.

  5. Click Save.
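
The custom-role alternative mentioned under Role restrictions, written out as an added example (it is not taken from the Frontegg or Snowflake documentation). FRONTEGG_READER, ANALYTICS_WH, ANALYTICS_DB, REPORTING and APP_USER are hypothetical names; FRONTEGG_INTEGRATION is the integration created in Step 3, and the matching scope in the Frontegg portal would be session:role:FRONTEGG_READER.

```sql
-- Added example: a least-privilege role for OAuth sessions.
-- FRONTEGG_READER, ANALYTICS_WH, ANALYTICS_DB, REPORTING and APP_USER are
-- hypothetical names; substitute the objects in your own account.

USE ROLE ACCOUNTADMIN;

-- 1. A role that carries only what the integration needs.
CREATE ROLE IF NOT EXISTS FRONTEGG_READER
  COMMENT = 'Read-only role for OAuth sessions via FRONTEGG_INTEGRATION';

-- 2. Compute: allow queries on a single warehouse.
GRANT USAGE ON WAREHOUSE ANALYTICS_WH TO ROLE FRONTEGG_READER;

-- 3. Data: read access to one schema, nothing account-wide.
GRANT USAGE ON DATABASE ANALYTICS_DB TO ROLE FRONTEGG_READER;
GRANT USAGE ON SCHEMA ANALYTICS_DB.REPORTING TO ROLE FRONTEGG_READER;
GRANT SELECT ON ALL TABLES IN SCHEMA ANALYTICS_DB.REPORTING
  TO ROLE FRONTEGG_READER;
GRANT SELECT ON FUTURE TABLES IN SCHEMA ANALYTICS_DB.REPORTING
  TO ROLE FRONTEGG_READER;

-- 4. The user who authorizes the OAuth flow must hold the role;
--    otherwise the session:role:FRONTEGG_READER scope cannot be used.
GRANT ROLE FRONTEGG_READER TO USER APP_USER;

-- 5. Optional: block additional powerful roles on this integration.
ALTER SECURITY INTEGRATION FRONTEGG_INTEGRATION
  SET BLOCKED_ROLES_LIST = ('SYSADMIN');

-- 6. Review the result: effective blocked roles, redirect URI and
--    refresh-token validity on the integration, and the role's grants.
DESCRIBE SECURITY INTEGRATION FRONTEGG_INTEGRATION;
SHOW GRANTS TO ROLE FRONTEGG_READER;
```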

Keep your credentials secure

Never share or commit your Client Secret to version control.
