Connection reference for Snowflake

Here is a list of the fields of a Snowflake connection. You need specific information to establish a seamless and secure connection. All fields are required, except where noted.

Connection name

Enter a new Snowflake connection name.

Connection description

Provide a short description of the connection. (Optional)

Account name

Enter the account name associated with your Snowflake connection. If you used an AWS PrivateLink between your Snowflake data warehouse and the ThoughtSpot Cloud tenant, use the PrivateLink Snowflake account name provided by ThoughtSpot Support. For example, xyz99999.us-west-2.privatelink.

The account name is part of the URL that you use to access the Snowflake UI. It is the portion of the URL before snowflakecomputing.com.
Example: If your URL is https://abcd.xyz.efg.snowflakecomputing.com, your account name is abcd.xyz.efg. If your URL is https://app.snowflake.com/adetgjc/nof9345, your account name is adetgjc-nof9345. You can find your account name by using the "copy account link" function in the Snowflake admin console.

Assume that the account name is xy12345.

Cloud platform Region Full account name

AWS

US East (N. Virginia)

xy12345.us-east-1

US East (Ohio)

xy12345.us-east-2.aws

US West (Oregon)

xy12345

Canada (Central)

xy12345.ca-central-1.aws

EU (Ireland)

xy12345.eu-west-1

EU (Frankfurt)

xy12345.eu-central-1

Asia Pacific (Singapore)

xy12345.ap-southeast-1

Asia Pacific (Sydney)

xy12345.ap-southeast-2

GCP - Preview

us-central1 (Iowa)

xy12345.us-central1.gcp

Azure

East US 2

xy12345.east-us-2.azure

US Gov Virginia

xy12345.us-gov-virginia.azure

Canada Central

xy12345.canada-central.azure

West Europe

xy12345.west-europe.azure

Australia East

xy12345.australia-east.azure

User

Enter the Snowflake account username.

Password

Enter the Snowflake account password.

Private Key

Upload the private key file or paste the contents of the private key. (Key Pair authentication only)

Passphrase

Enter the passphrase required to access the private key. If the private key was not encrypted, leave this field blank. (Key Pair authentication only)

Role

Specify the privilege of the user. (Optional when OAUth is selected.)

Warehouse

Specify the warehouse associated with the connection. (Optional when OAUth is selected.)

Database

Specify the database associated with the account. (Optional)

(OAuth and OAuth with PKCE only) OAuth Client ID

Enter the OAuth client ID associated with the Snowflake database.

(External OAuth) Enter the client id of the OAuth application created in the identity provider.

(OAuth and OAuth with PKCE only) OAuth client secret

Enter the OAuth client secret associated with the Snowflake database.

(External OAuth) Enter the client secret of the OAuth application created in the identity provide

(OAuth and OAuth with PKCE only) Scope

(External OAuth) Scope maps to a role in your Snowflake database.

For OAuth with Azure AD provider, it should be similar to https://<APPLICATION_ID_URI>/session:role:developer offline_access openid. For more information, see: part 1, step 8 in Configure Azure AD external OAuth for a Snowflake connection.

For OAuth with Okta, it should be similar to session:role:developer offline_access openid.

(OAuth and OAuth with PKCE only) Auth Url

ThoughtSpot performs an "Authorization Code" grant type flow to get the access token. Get the authorization endpoint for the respective identity provider from its console.

For Azure AD, it can be obtained from the Azure portal by navigating to Azure Active Directory resource. It should be similar to https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize.

For Okta, it should be similar to https://<organization>.okta.com/oauth2/<alphanumeric id>/v1/authorize.

(OAuth and OAuth with PKCE only) Access Token Url

(External OAuth) Enter the Access Token Url associated with your external identity provider.

For Azure AD, it can be obtained from the Azure portal by navigating to Azure Active Directory resource. It should be similar to https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token.

For Okta, it should be similar to https://<organization>.okta.com/oauth2/<alphanumeric id>/v1/token.



Was this page helpful?