5/28/2023

Sigma client account

Step 1: Create a Sigma OAuth App in Your IdP

Typically, the redirect URL will be /api/v2/oauth/1/authcode. However, if you are running Sigma on AWS, please use

Creating your Sigma OAuth app will generate a Client ID and Client Secret. Both fields will be used for configuration in Sigma (Step 6).

Step 2: Add OAuth Users

After creating your OAuth app, you will need to add a list of your OAuth users. These users will be mapped to both Sigma and Snowflake. Access to Snowflake roles is defined on the authorization server (Step 3). All users must also have permission to access the warehouse in Snowflake.

Step 3: Create an Authorization Server

An authorization server is used to connect your users to Snowflake roles. Please create an authorization server in your IdP. Okta requires Okta API Access Management to be enabled in your Okta instance to create an authorization server.

Authorization server configuration requires the following scope values:

openid - requests an OpenID token that can be used to authenticate the user to Sigma
email - requests that the OpenID token include the user's email
profile - requests that the OpenID token include other information from the user's profile (including the user's full name)
offline_access - requests a refresh token that can be used to get new access tokens "offline" (without asking a human user to re-authenticate with the IdP)
session:role-any - requests that the Snowflake access tokens received by Sigma have permission to assume any Snowflake role the user has been granted

Claims allow you to connect your OAuth users to user roles in your Snowflake warehouse.

The authorization server provides a metadata URI. This URI is needed for the OAuth configuration within Sigma (Step 6). The server also provides an issuer URL and a JWS keys URL, both of which are needed for the Snowflake security integration (Step 5).

Step 4: Add an Access Policy for the Authorization Server

Create and/or assign an access policy to your new app (created in Step 1). Access policies define rules for access and token lifetimes on an individual app. Within the access policy, define access and refresh token lifetimes as desired for all grant types, users, and scopes.

Step 5: Create a Security Integration in Snowflake

Creating a security integration allows Snowflake to trust your IdP. Visit Snowflake's documentation to learn how. The following is an Okta example of the command you will need to run in Snowflake; command values vary slightly depending on your IdP.

    external_oauth_issuer = '<issuer URL from Step 3>'
    external_oauth_jws_keys_url = '<JWS keys URL from Step 3>'
    external_oauth_token_user_mapping_claim = 'snowflake_username'
    external_oauth_snowflake_user_mapping_attribute = 'login_name'
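To make concrete what the four security integration parameters above actually configure, here is an added Go example; it is not code from Sigma, Snowflake or Okta. It builds a JWKS document of the kind an IdP serves at the JWS keys URL, issues an RS256 access token carrying the snowflake_username mapping claim, and then verifies that token the way a relying party must: signature against the published key, a fixed algorithm, and only then issuer, audience, expiry and the mapping claim, whose value is what gets matched against the Snowflake user's login_name. The RSA key, the kid, the issuer URL, the audience string and the single-string aud claim shape are all constructed assumptions for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// jwk/jwks: the subset of a JSON Web Key Set an RS256 verifier needs. The IdP
// serves such a document at the JWS keys URL given to the security integration.
type jwk struct{ Kty, Kid, N, E string }
type jwks struct{ Keys []jwk }

type claims struct { // token fields checked below; a single-string "aud" is assumed
	Iss               string `json:"iss"`
	Aud               string `json:"aud"`
	Exp               int64  `json:"exp"`
	SnowflakeUsername string `json:"snowflake_username"` // the user-mapping claim
}

var enc = base64.RawURLEncoding

// jwksFromKey builds the JWKS entry an IdP would publish for one RSA key.
func jwksFromKey(pub *rsa.PublicKey, kid string) jwks {
	e := enc.EncodeToString(big.NewInt(int64(pub.E)).Bytes())
	return jwks{Keys: []jwk{{Kty: "RSA", Kid: kid, N: enc.EncodeToString(pub.N.Bytes()), E: e}}}
}

// publicKeyFromJWKS selects the key named by the token header's kid.
func publicKeyFromJWKS(doc jwks, kid string) (*rsa.PublicKey, error) {
	for _, k := range doc.Keys {
		if k.Kid != kid || k.Kty != "RSA" { continue }
		n, err1 := enc.DecodeString(k.N)
		e, err2 := enc.DecodeString(k.E)
		if err1 != nil || err2 != nil { return nil, errors.New("bad key encoding in JWKS") }
		return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
	}
	return nil, errors.New("no RSA key with that kid in the JWKS")
}

// signRS256 plays the IdP and issues an RS256 JWT for the given claims.
func signRS256(priv *rsa.PrivateKey, kid string, c claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil { return "", err }
	return input + "." + enc.EncodeToString(sig), nil
}

// verifyToken plays the relying party: signature against the published key first, then
// issuer, audience, expiry and the mapping claim, whose value is returned for login_name.
func verifyToken(token string, doc jwks, issuer, audience string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return "", errors.New("malformed token") }
	hdrJSON, err1 := enc.DecodeString(parts[0])
	payload, err2 := enc.DecodeString(parts[1])
	sig, err3 := enc.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil { return "", errors.New("token is not base64url") }
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	var c claims
	if json.Unmarshal(hdrJSON, &hdr) != nil || json.Unmarshal(payload, &c) != nil {
		return "", errors.New("token is not JSON")
	}
	if hdr.Alg != "RS256" { // the verifier, not the token, decides the algorithm
		return "", fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	pub, err := publicKeyFromJWKS(doc, hdr.Kid)
	if err != nil { return "", err }
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("signature does not verify against the IdP key")
	}
	switch { // claim checks run only on a token whose signature is trusted
	case c.Iss != issuer:
		return "", fmt.Errorf("issuer %q is not the trusted external_oauth_issuer", c.Iss)
	case c.Aud != audience:
		return "", fmt.Errorf("audience %q is not this integration", c.Aud)
	case now.Unix() >= c.Exp:
		return "", errors.New("token expired")
	case c.SnowflakeUsername == "":
		return "", errors.New("mapping claim snowflake_username is missing")
	}
	return c.SnowflakeUsername, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	issuer := "https://example.okta.com/oauth2/default" // constructed issuer URL
	doc := jwksFromKey(&priv.PublicKey, "okta-key-1")
	tok, _ := signRS256(priv, "okta-key-1", claims{Iss: issuer, Aud: "snowflake", Exp: time.Now().Add(time.Hour).Unix(), SnowflakeUsername: "ALICE"})
	fmt.Println(verifyToken(tok, doc, issuer, "snowflake", time.Now()))
	fmt.Println(verifyToken(tok, doc, "https://other-idp.example", "snowflake", time.Now()))
}
```

The order of checks is the point: the algorithm is pinned and the signature is verified against the key fetched by kid before any claim is read, so a token from a different issuer, for a different audience, past its expiry, or with an edited payload is rejected even though its JSON is perfectly well formed. The mapping claim is the last gate, which is why a typo in external_oauth_token_user_mapping_claim shows up as an outright rejection rather than a silently wrong user.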