• Prerequisites
  • Whitelist CData IPs
  • Ensure Snowflake Is Publicly Accessible
• Setup Guide
• Authentication Methods
  • OAuth
  • Password
  • Private Key
  • Okta
  • PingFederate
• More Information

Prerequisites

Whitelist CData IPs

To establish a connection to Snowflake, you need to allow access to Snowflake via CData’s IP. When hosting Snowflake behind a firewall, you must safelist these IP addresses in your firewall.

• Range: 52.224.0.160 to 52.224.0.175

• CIDR notation: 52.224.0.160/28

Ensure Snowflake Is Publicly Accessible

Provide a public facing IP/domain to connect to this data source. The following private IP ranges do not work:

• 10.0.0.0 to 10.255.255.255

• 172.16.0.0 to 172.31.255.255

• 192.168.0.0 to 192.168.255.255

• 127.0.0.1 (aka ‘localhost’)

Setup Guide

Follow these steps to connect Snowflake to your CData Connect Cloud account:

1. Open the Connections page of the CData Connect Cloud dashboard.

2. Click + Add Connection in the upper-right corner.

3. Type Snowflake into the search field, then click the data source name.

4. On the Basic Settings tab of the new connection, enter a connection name or keep the default name.

5. Enter the Snowflake Warehouse.

6. Enter the URL of the Snowflake database. Snowflake supports URLs in either the account name or connection name format.

   • To use the account name, refer to Finding the organization and account name for an account in the Snowflake documentation.

   • To use the connection name, use the SHOW CONNECTIONS command.

   The URL format depends on how you are connecting. Refer to the Connecting with a URL in the Snowflake documentation for help in entering the URL correctly.

   The following are a few examples of formatting the URL:

   • Standard URL with account name: https://<orgname>-<account_name>.snowflakecomputing.com.

   • Standard URL with connection name: https://<orgname>-<connectionname>.snowflakecomputing.com.

   • Okta SSO: https://<orgname>-<account-name>.snowflakecomputing.com (if your account name contains an underscore, change the underscore to a hyphen).

7. Select the Authentication method, then proceed to the relevant section and follow those instructions.

8. Under Data Credentials, determine if you want to allow shared credentials or to require users to use their own credentials.

Authentication Methods

OAuth

1. In the User field, enter your Snowflake user name.

2. The Callback URL, or Redirect URL, is the URL you need (https://oauth.cdata.com/oauth/) when setting up your OAuth app. Copy this URL and paste it into your OAuth app.

3. Enter the OAuth Client Id assigned when you registered your Snowflake account.

4. Enter the OAuth Client Secret for your Snowflake account for OAuth.

5. Select the OAuth Authenticator that the OAuth application requests from Snowflake. If there is no authenticator, use the default None.

6. (Optional) Enter the Snowflake Database and Schema. Selecting a schema may improve performance for some applications.

7. Click Sign in to connect securely through OAuth. This action opens the Snowflake sign-in page in a new tab.

8. Log in to your Snowflake account and provide the requested permissions (if applicable).

9. At the top of the CData Connect Cloud Add Snowflake Connection page, click Save & Test.

   • If the connection test succeeds, a message indicates that your connection has been created. The Status on the Edit Connection page also changes to Authenticated.

   • If the connection test fails, ensure that you entered your login information correctly with no stray spaces or other characters. CData Connect Cloud displays error messages under the required fields with missing data. Some data sources require that you sign in directly to the source website. If you did not, an error message appears under the Sign in button. Correct the errors and try again.

   • Unsuccessful connections are saved as drafts and have a Status of Not Authenticated. You can return to the connection and authenticate it later.

Password

Important: Any new Snowflake account starting with bundle “2024_08” will no longer support Password authentication. Please use other authentication methods, such as OAuth or Private Key.

1. Enter your user name in the User field and password in the Password field.

2. In the Database section, enter the name of the Snowflake database to connect to.

3. (Optional) Enter the schemas of the Snowflake database to connect to. If this is left blank, the connector has access to all schemas in the database.

4. At the top of the CData Connect Cloud Add Snowflake Connection page, click Save & Test.

   • If the connection test succeeds, a message indicates that your connection has been created. The Status on the Edit Connection page also changes to Authenticated.

   • If the connection test fails, ensure that you entered your login information correctly with no stray spaces or other characters. CData Connect Cloud displays error messages under the required fields with missing data. Some data sources require that you sign in directly to the source website. If you did not, an error message appears under the Sign in button. Correct the errors and try again.

   • Unsuccessful connections are saved as drafts and have a Status of Not Authenticated. You can return to the connection and authenticate it later.

5. In Snowflake, add the CData Connect Cloud static IP addresses to your connection whitelist.

Private Key

Follow these steps to configure private key authentication:

1. Open your Snowflake keyfile (which ends in .p8) in a text editor.

2. Copy the entire contents of the file.

3. Enter the copied contents of your private key into the Private Key field.

4. If your private key has a password, enter it in the Private Key Password field.

5. Select the correct Private Key Type from the drop down.

6. In the Database section, enter the name of the Snowflake database to connect to.

7. (Optional) Enter the schemas of the Snowflake database to connect to. If this is left blank, the connector has access to all schemas in the database.

8. At the top of the CData Connect Cloud Add Snowflake Connection page, click Save & Test.

   • If the connection test succeeds, a message indicates that your connection has been created. The Status on the Edit Connection page also changes to Authenticated.

   • If the connection test fails, ensure that you entered your login information correctly with no stray spaces or other characters. CData Connect Cloud displays error messages under the required fields with missing data. Some data sources require that you sign in directly to the source website. If you did not, an error message appears under the Sign in button. Correct the errors and try again.

   • Unsuccessful connections are saved as drafts and have a Status of Not Authenticated. You can return to the connection and authenticate it later.

9. In Snowflake, add the CData Connect Cloud static IP addresses to your connection whitelist.

Okta

1. Enter the following information:

   • User— The Okta user account.

   • Password— The password associated with the Okta account.

   • MFA Passcode— Set this to the OTP code that was sent to your device. This property should be used only when Multi-Factor Authentication is required for Okta sign on.

   • SSO Properties— are needed to authenticate to Okta:

     • Domain: Set this to the OKTA org domain name.
     • MFAType (optional): Set this to the multi-factor type. This property should be used only when the MFA is required for Okta sign on. This property accepts one of the following values:
       • OKTAVerify
       • Email
       • SMS
     • APIToken (optional): Set this to the API Token created by Okta. This is used when authenticating a user via a trusted application or proxy that overrides the Okta client request context.

2. In the Database section, enter the name of the Snowflake database to connect to.

3. (Optional) Enter the schemas of the Snowflake database to connect to. If this is left blank, the connector has access to all schemas in the database.

4. At the top of the CData Connect Cloud Add Snowflake Connection page, click Save & Test.

   • If the connection test succeeds, a message indicates that your connection has been created. The Status on the Edit Connection page also changes to Authenticated.

   • If the connection test fails, ensure that you entered your login information correctly with no stray spaces or other characters. CData Connect Cloud displays error messages under the required fields with missing data. Some data sources require that you sign in directly to the source website. If you did not, an error message appears under the Sign in button. Correct the errors and try again.

   • Unsuccessful connections are saved as drafts and have a Status of Not Authenticated. You can return to the connection and authenticate it later.

5. In Snowflake, add the CData Connect Cloud static IP addresses to your connection whitelist.

PingFederate

1. In the User field, enter the Snowflake username for authentication.

2. In the Password field, enter the user password.

3. (Optional) Enter the Proof Key. You must specify this if you want to connect to PingFederate without using a browser.

4. (Optional) Enter the External Token. You must specify this if you want to connect to PingFederate without using a browser. For more information about the Proof Key and External Token, follow the steps here.

5. (Optional) Enter the Database and Schema. Selecting a schema may improve performance for some applications.

6. At the top of the CData Connect Cloud Add Snowflake Connection page, click Save & Test.

   • If the connection test succeeds, a message indicates that your connection has been created. The Status on the Edit Connection page also changes to Authenticated.

   • If the connection test fails, ensure that you entered your login information correctly with no stray spaces or other characters. CData Connect Cloud displays error messages under the required fields with missing data. Some data sources require that you sign in directly to the source website. If you did not, an error message appears under the Sign in button. Correct the errors and try again.

   • Unsuccessful connections are saved as drafts and have a Status of Not Authenticated. You can return to the connection and authenticate it later.

More Information

For more information about interactions between CData Connect Cloud and Snowflake, see this information page.