Snowflake OAuth For User Connections

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Available from release 2020.3

Alation supports the OAuth 2.0 protocol for user connections from Compose and the catalog to Snowflake data sources.

A user connection is established by an individual user who wants to access a data source from Alation, as opposed to the connection established via the service account to extract metadata, query history, or data samples.

Users need an individual connection to perform these actions:

  • Compose

    • Execute queries

    • Execute queries on a schedule

    • Run query forms

    • Create Excel Live Reports

  • Catalog

    • Upload data into the data source

    • Perform dynamic sampling of a table or column

    • Run a query form

With OAuth enabled and configured for individual connections, users connecting to Snowflake will be redirected to a login screen of the authorization server (OAuth provider) in a new browser tab. Upon authentication, the login screen will close, and Alation will establish a connection to the data source.


The OAuth 2.0 protocol provides a secure authorization mechanism for applications and users to access a resource. Authorization is managed with access tokens issued by an authorization server. The token holder is allowed to access the resource until the token expires. When an access token has expired, a refresh token can be requested by the application to retrieve a new access token.

Snowflake offers two methods to configure OAuth-based authentication:

  • Snowflake OAuth—Uses the Snowflake built-in authorization server.

  • External OAuth—Uses an integration with an external authorization server (OAuth provider).

Alation supports both these configurations for Snowflake data sources. See next: