Connect Snowflake to Row Zero

Row Zero's built-in Snowflake connector makes it easy to connect your spreadsheets to Snowflake using username and password, key-pair authentication, or Snowflake OAuth.

Choosing the right authentication method

Key Pair and password authentication are appropriate for individual Row Zero accounts or for connecting service accounts in larger organizations. For the second use case, we recommend creating a dedicated SERVICE user in Snowflake for this purpose, then connecting Row Zero using key pair authentication. Once the connection is created in Row Zero, you can securely share it with the appropriate people in your organization.

OAuth is the best authentication method for organizations where users have their own Snowflake credentials. Any queries using OAuth connections respect the database permissions of the person who runs the query, including RLS and RBAC.

Note: Snowflake will soon be removing password-only sign-ins. While Row Zero still supports authentication via password, we recommend you connect to Snowflake using Key Pair or Snowflake OAuth.

Connect using a Key Pair or Password

Follow the instructions below to connect to Snowflake using a key pair or password.

  1. In Row Zero, click on the 'Data' icon in the upper right-hand corner and then click the button to 'Add connection.' connect spreadsheet to snowflake
  2. The Snowflake connector requires a few pieces of information defined below. snowflake connector
    • Connection name: This field can be anything that helps identify the data source being connected (e.g. "Production Data" or "Product Metrics"). It will be visible to all users who have access to this connection.
    • Account identifier: This is your organization name and account name combined with a hyphen (-). When logged into Snowflake, find them in the URL: https://app.snowflake.com/org_name/account_name. View Snowflake's docs for additional detail.
    • Username: The username used to log into your Snowflake account.
  3. Choose your authentication method.
    • Key Pair: This is the default method. For help setting up a key pair in Snowflake, read Snowflake's user guide here. Row Zero supports both encrypted and unencrypted private keys. Paste the contents of private key that you generated when setting up your Snowflake user. The text should be in PEM format. If you generated an encrypted private key, enter the passphrase in the form field under the private key. snowflake connector
    • Password: If you still have a legacy Snowflake account that supports password sign in and you do not want to use key-pair authentication, select 'Password' and enter the password you use to log into your Snowflake account. snowflake connector

Connect using Snowflake OAuth

If you wish to use Snowflake's built-in OAuth capabilities to provide OAuth-based authentication for your users when they query Snowflake from Row Zero, follow the steps below. The corresponding Snowflake documentation is here and here. You will need administrator privileges in order to configure these settings in your Snowflake account.

CREATE SECURITY INTEGRATION "Row Zero"
    TYPE = OAUTH
    ENABLED = TRUE
    OAUTH_CLIENT = CUSTOM
    OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
    OAUTH_REDIRECT_URI = 'https://oauth.rowzero.com/oauth/authorization-code/1'
    OAUTH_ENFORCE_PKCE = TRUE
;

Note: It is important to use the name "Row Zero" because Snowflake uses the security integration name as a display name that it shows to users when they are signing in to Snowflake, like this: Sample Snowflake OAuth Display Name

After the create statement succeeds, you will need to run three Snowflake queries to obtain information about your security integration:

SELECT CURRENT_ORGANIZATION_NAME() AS orgname,
       CURRENT_ACCOUNT_NAME() AS accountname,
       CURRENT_ACCOUNT() AS account_locator;

DESCRIBE SECURITY INTEGRATION "Row Zero";

SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('Row Zero');

Once you have the above information, contact us at Row Zero so we can schedule a meeting to configure the OAuth integration on our end.

This is the information that we will need from you:

  1. The following three values from the SELECT CURRENT... result to construct your Snowflake identifier:
    • orgname
    • accountname
    • accountlocator
  2. The following three values from the DESCRIBE SECURITY INTEGRATION result:
    • OAUTH_CLIENT_ID
    • OAUTH_AUTHORIZATION_ENDPOINT
    • OAUTH_TOKEN_ENDPOINT
  3. The client secrets from the SHOW_OAUTH_CLIENT_SECRETS result. Do not share this via email or other unsecured means. We will give you a secure way to provide your secret.