How to configure Snowflake DCM data source with Okta credentials

mmichaelson

My organization accesses Snowflake via an IdP provider (Okta) using SSO.  We'd like to do this using Alteryx.

I've been exploring the idea of using DCM to manage these connection(s).  Setting up a DCM Data Source is simple enough; where I get stuck is when I need to create a credential.

See below.  Does anyone have more details on how to populate each of these fields?  Alteryx's documentation doesn't really explain how to fill in these fields.  Also, even though the section is labeled "OKTA APPLICATION", I've seen conflicting information in other posts about using Snowflake's URL versus Okta's URL, Snowflake's API versus Okta's API, etc. 

Additionally, I'm not sure why DCM separates the "APPLICATION" and "TOKEN" objects within credentials... wouldn't the application provide the token when a user authenticates?

Full disclosure - I realize that these fields will vary by organization.  Any help finding the information for each of these fields is appreciated, even if it's "that's Okta, go talk to your Okta admin".

Thanks!

shancmiralles

Hi @mmichaelson  ! Hope this helps:

To connect Snowflake to Alteryx using Okta credentials for authentication, you need to set up the connection correctly by utilizing Snowflake's support for OAuth (which Okta uses for Single Sign-On (SSO)) and the Alteryx Connector for Snowflake. Here’s how to do it step-by-step:

Prerequisites:

1. Snowflake account with OAuth enabled.

2. Okta setup as your identity provider (IdP) for OAuth.

3. Alteryx Designer installed on your machine with the Snowflake Connector.

Steps:

1. Configure Snowflake to Support OAuth

Ensure that Snowflake is configured to authenticate using OAuth. The connection needs to be set up in Snowflake to trust Okta as the identity provider.

Create an OAuth integration in Snowflake:

1. Log in to Snowflake as an account administrator.

2. Create an OAuth integration using the following SQL command:

CREATE INTEGRATION okta_oauth_integration

TYPE = OAUTH

ENABLED = TRUE

OAUTH_CLIENT = '<okta-client-id>'

OAUTH_SECRET = '<okta-client-secret>'

OAUTH_REDIRECT_URI = 'https://<your-redirect-uri>'

OAUTH_SCOPE = 'openid';

Replace <okta-client-id>, <okta-client-secret>, and <your-redirect-uri> with the appropriate details from your Okta configuration.

Set up Okta: In Okta, configure an OAuth application for Snowflake (for example, using the "Custom OIDC Application" type) to issue OAuth tokens. Ensure that the client ID and client secret from Okta are correctly used in the Snowflake integration setup.

2. Set Up the Snowflake Connector in Alteryx

Alteryx provides a Snowflake connector that allows you to directly connect to Snowflake from within Alteryx Designer.

1. Open Alteryx Designer and go to the Input Data or Connect In-DB tool, depending on whether you are pulling data or working with it within the database.

2. Select Snowflake as your data source.

3. In the connection setup dialog, enter the Snowflake account, warehouse, database, and schema details.

4. Choose OAuth as the authentication method:

For Authentication Type, select OAuth (the one that works with Okta).

Alteryx will automatically trigger an OAuth login flow, where you will need to authenticate with Okta credentials.

5. Alteryx will prompt you to enter your Okta credentials in the login window (this is the OAuth authentication flow).

6. After successful authentication, the connection to Snowflake will be established, and Alteryx will be able to query or manipulate data in Snowflake.

3. Test the Connection

Once you’ve entered the correct credentials and authentication method (OAuth via Okta), click on Test Connection to verify the connection.

If successful, the connection will be ready for use in your Alteryx workflow.

4. Use the Connection in Workflows

Once authenticated, you can use the Input Data, Output Data, or Connect In-DB tools in Alteryx to query Snowflake data, create workflows, and process data as usual.

Key Points:

The authentication process leverages OAuth with Okta as the Identity Provider (IdP).

Make sure your Snowflake and Okta configurations are correctly set up for OAuth.

Alteryx uses OAuth tokens to authenticate and maintain the session with Snowflake using Okta credentials.

Troubleshooting Tips:

If you encounter authentication errors, double-check the OAuth client ID, client secret, and redirect URI in both Snowflake and Okta configurations.

Ensure your Okta user has the correct permissions to access Snowflake resources.

Ensure that Snowflake’s OAuth integration is enabled and configured properly in Snowflake.