## Snowflake integration Snowflake is a cloud data platform for data warehousing, data lakes, and data sharing. Integrating Snowflake with Frontegg allows your application to execute SQL queries and access data warehouses on behalf of your users using OAuth 2.0. Prerequisites - A [Snowflake account](https://www.snowflake.com/) with the ACCOUNTADMIN role (required to create security integrations) ### Connect Snowflake Snowflake OAuth integrations are configured using SQL commands in Snowsight. There is no separate developer portal — you create and manage OAuth clients directly within your Snowflake account. #### Step 1: Sign in to Snowsight Navigate to [app.snowflake.com](https://app.snowflake.com) and sign in to your Snowflake account. ![Snowflake Snowsight sign-in page](/assets/snowflake-1.2735c521b90ffd119c2b2106f79a7963e92c15fbe5b62ae0ec8b5ce684e8f5a5.1ce25488.png) #### Step 2: Open a SQL worksheet In the left navigation, click **Projects**. On the **Welcome to Workspaces** page, click **SQL file** to create a new SQL worksheet. ![Snowflake Workspaces page with SQL file button highlighted](/assets/snowflake-2.dfe04119ea74abd5d8dde2e05e94de6abff7d071388b25100c5f8cf781a42c4f.1ce25488.png) #### Step 3: Create a security integration In the SQL worksheet, enter the following command. Replace `FRONTEGG_INTEGRATION` with your preferred integration name: ```sql CREATE SECURITY INTEGRATION FRONTEGG_INTEGRATION TYPE = OAUTH ENABLED = TRUE OAUTH_CLIENT = CUSTOM OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = 'https://YOUR_MCP_GATEWAY_URL/integration-callback' OAUTH_ISSUE_REFRESH_TOKENS = TRUE OAUTH_REFRESH_TOKEN_VALIDITY = 7776000; ``` Click **Run selected** to execute the command. ![Snowflake SQL worksheet with CREATE SECURITY INTEGRATION command](/assets/snowflake-3.f636b2f09fa397bd985661e3342e2e6c053360260603c679e3ec8bc508e8e9c7.1ce25488.png) #### Step 4: Verify the integration was created After running the command, the results panel shows a confirmation message. ![Snowflake integration creation success message](/assets/snowflake-4.dcaf0b03aee4fbed2197a009b0af7257bb5232d545b7a1f265b6963f8edb8448.1ce25488.png) #### Step 5: Copy your credentials Run the following query to retrieve your OAuth client credentials: ```sql SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('FRONTEGG_INTEGRATION'); ``` The result is a JSON object containing: | Field | Description | | --- | --- | | `OAUTH_CLIENT_ID` | Your Client ID | | `OAUTH_CLIENT_SECRET` | Your primary Client Secret | | `OAUTH_CLIENT_SECRET_2` | A secondary Client Secret (backup) | Copy your Client Secret now Copy your Client Secret and store it in a secure location. If you lose it, you must delete the integration and create a new one. ![Snowflake client credentials query results](/assets/snowflake-5.1c1bdd1502e7bb13117468f0e796883ff44747bc801363d345381d706c086a7e.1ce25488.png) ### Configure the Frontegg portal Once you have obtained your credentials, configure the integration in the Frontegg portal: 1. Open the **Frontegg portal** and navigate to [ENVIRONMENT] → Integrations → Snowflake. 2. Enter your **Snowflake account identifier** — the subdomain of your Snowflake URL. For example, if your URL is `https://xy12345.snowflakecomputing.com`, your account identifier is `xy12345`. 3. Enter the **Client ID** and **Client Secret** from the query results. 4. Select the required **scopes**: | Scope | Description | | --- | --- | | `session:role:ACCOUNTADMIN` | Access Snowflake using the ACCOUNTADMIN role | Role restrictions The ACCOUNTADMIN, SECURITYADMIN, and other admin roles are blocked from OAuth by default in Snowflake. To use `session:role:ACCOUNTADMIN`, contact Snowflake Support to remove it from the blocked roles list. Alternatively, use a custom role with the required permissions and set the scope to `session:role:YOUR_CUSTOM_ROLE`. 1. Click **Save**. Keep your credentials secure Never share or commit your Client Secret to version control. ### Additional resources - [Snowflake OAuth for custom clients](https://docs.snowflake.com/en/user-guide/oauth-custom) - [CREATE SECURITY INTEGRATION command](https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-oauth-snowflake) - [Snowflake account identifiers](https://docs.snowflake.com/en/user-guide/admin-account-identifier) - [How to get your Redirect URL](/agen-for-work/connectors/redirect-url)