System and System Line Configuration
This section provides all information which is relevant for the configuration of a System Line and a System of kind "Snowflake". It can be created and administrated in the Portal's menu System Lines.
System Line
The configuration is equivalent to the other kinds of System Line configurations and requires the following information:
- Kind: Snowflake
- Authentication: Enabled
- Short Name: Descriptive and identifying name
System Configuration
System data
- Short Name: A descriptive and identifying name
- Location: Assign the System to a Location (has to be created and enabled before)
- Authentication: Several options are available also depending on whether it is enabled on System Line level
  - Delegated: The authentication is specified on the individual Function
  - Per User Basic Auth (User and Password): A user and a password on Function level.
  - Configure on System: All Functions based on this System are using the defined authentication procedure. The following are available:
  - Entra ID OAuth2: Use Entra ID OAuth2 SSO for all Virtual Datasets of this system.
  - Shared Basic Auth (User and Password): Define a user and a password which is used for all Functions of this System.
  - Delegated: The authentication is specified on the individual Function
After providing the System data and saving, additional information is required:
Technical parameters
- ACCOUNT_ID: Target account identifier in Snowflake.
- DATABASE: Database name in Snowflake.
Authentication Configuration
There are different options for the Authentication configuration.
Basic Authentication
Not recommended. Basic authentication uses hard-coded database user credentials (username and password). These credentials need to be stored in Virtual Data Platform.
Entra ID OAuth2
Create a security integration for Microsoft Entra ID using:
create security integration external_oauth_azure_1
    type = external_oauth
    enabled = true
    external_oauth_type = azure
    external_oauth_issuer = '<ENTRA_ID_ISSUER>'
    external_oauth_jws_keys_url = '<ENTRA_ID_JWS_KEY_ENDPOINT>'
    external_oauth_token_user_mapping_claim = 'upn'
    external_oauth_snowflake_user_mapping_attribute = 'login_name'
    external_oauth_audience_list = ('<SNOWFLAKE_APPLICATION_ID_URI>');
where the SNOWFLAKE_APPLICATION_ID_URI equals the Application ID URI of the VDP App Registration in Entra ID. For the remaining settings, follow the instructions in the Snowflake documentation. Make sure that ANY role mode is enabled as described here.
Roles can be blocked or explicitly allowed for use in ANY mode. For more information, please refer to the Snowflake documentation.
Finally, check the "Enabled" box and save it to make the System available.
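When a login through the Entra ID OAuth2 integration fails, the usual cause is a token whose claims do not line up with the integration settings shown above. The following pre-flight check is an added example, not part of Virtual Data Platform or Snowflake; the issuer, audience and user values are constructed placeholders, and it assumes a delegated user token that carries its scopes in `scp` and requests ANY role mode with the `session:role-any` scope.

```python
import base64
import json

# Settings mirror the security integration above; the concrete strings are
# constructed placeholders, not real tenant or application identifiers.
INTEGRATION = {
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "audience_list": ["api://vdp-example-app"],
    "user_mapping_claim": "upn",
    # Assumption: ANY role mode is requested through this scope value.
    "any_role_scope": "session:role-any",
}


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three dot-separated parts)")
    return json.loads(_b64url_decode(parts[1]))


def check_token(token: str, cfg: dict = INTEGRATION) -> list:
    """List the mismatches between token claims and the integration settings."""
    claims = decode_claims(token)
    problems = []
    if claims.get("iss") != cfg["issuer"]:
        problems.append("iss does not match external_oauth_issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not set(audiences) & set(cfg["audience_list"]):
        problems.append("aud is not in external_oauth_audience_list")
    if not claims.get(cfg["user_mapping_claim"]):
        problems.append("mapping claim '%s' is missing" % cfg["user_mapping_claim"])
    scopes = str(claims.get("scp", "")).split()
    if cfg["any_role_scope"] not in scopes:
        problems.append("scope %s is missing from scp" % cfg["any_role_scope"])
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline testing only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc({"alg": "none", "typ": "JWT"}), enc(claims), "c2ln")
```

The check is diagnostic only: it reads claims without validating the signature, so a clean result says the configuration lines up, not that the token is trustworthy.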