You can configure standard, authorization code, and client credentials authentication types to access Snowflake. Consider using authorization code or client credentials authentication to connect more securely to Snowflake. Key pair authentication type is not applicable.
Before you configure the connection properties, you need to keep the authentication details handy based on the authentication type that you want to use.
Standard
To connect to Snowflake using standard authentication, you need the Snowflake account name, warehouse name, user name, and either your account password or a programmatic access token (PAT).
Let's get the required details such as the Snowflake account name, warehouse, and role details from the Snowflake account.
The following image shows you where you can find the name of your Snowflake account:
The following image shows you where you can find the name of the warehouse and role details of your Snowflake account:
Generate the programmatic access token
To connect to Snowflake using standard authentication, you can use a programmatic access token (PAT) generated in Snowflake instead of your account password.
If you use the Secure Agent deployed in your environment, serverless runtime environment, or elastic runtime environment, you need to allow the range of IP addresses to connect to Snowflake using a PAT.
To allow the range of IP addresses in Snowflake, perform the following tasks:
1Create a network rule for the allowed IP addresses.
For more information about creating a network rule, see Working with network rules in the Snowflake documentation.
2Create a network policy for the network rule that you created.
For more information about creating a network policy, see Working with network policies in the Snowflake documentation.
To connect to Snowflake using the OAuth 2.0 authorization code, you need the Snowflake client ID, authorization URL, access token URL, and access token.
To get the authorization details, you need to create an authorization integration in Snowflake, and register the Informatica redirect URL in Security Integration. Security Integration is a type of integration that enables clients that support OAuth to redirect users to an authorization page and generate access tokens, and optionally, refresh tokens to access Snowflake.
Register the following Informatica redirect URL in Security Integration:
https://<Informatica cloud hosting facility for your organization>/ma/proxy/oauthcallback
If the access token expires, Informatica redirect URL, which is outside the customer firewall, tries to connect to the endpoint and retrieves a new access token.
For more information about how to create a security integration and get the authorization details, see Create security integration in the Snowflake documentation.
Client credentials
To connect to Snowflake using OAuth 2.0 client credentials, you need your Snowflake client ID, access token URL, client secret, scope, and the access token.
Configure the OAuth endpoint with the client credentials grant type and then create a security integration to get the authorization details.
Before you use the client credentials authentication to connect Snowflake, the organization administrator needs to perform the prerequisite tasks.
1Create a client application that is compatible with OAuth to use with Snowflake.
2Configure the authorization server with the client credentials Grant type.
3Create a security integration of type OAuth in Snowflake.
