OAuth database connections allow each Omni user to authenticate directly with your data warehouse using their own credentials. Omni then enforces that user’s database-level permissions when they run queries, rather than relying solely on a shared service account.

Supported databases

OAuth connections are currently supported for:

Requirements

To follow the steps in this guide, you’ll need:
  • To have the OAuth database connection feature enabled in your Omni account
  • Organization Admin permissions
  • A service account with access to all schemas and tables you want to use in Omni. This is required even when OAuth is enabled, because Omni uses the service account to build the model.

Limitations

Before enabling OAuth, review the following limitations:
| Area | Details |
| --- | --- |
| Model and IDE | Omni models will be built using the service account. All users will see the same tables and fields in the model unless you restrict visibility with access grants. |
| Field picker | All fields and tables will be visible in the workbook’s field browser unless explicitly restricted with access grants. |
| Scheduling | Schedules run as the schedule creator and cannot be personalized with user attributes. Schedules may also fail when the creator’s OAuth token expires; the creator must re-authenticate to resolve this. |
| Caching | Caches are not shared across users, which results in a lower cache hit rate and higher data warehouse costs. The same applies to cubes and extracts. |
| Content visibility | Users may be able to open dashboards that reference data they don’t have database permissions to query, which can result in permission errors. |

Setup

1. Get OAuth credentials

Create an OAuth integration in Snowflake and retrieve the Client ID and Client Secret. Refer to Snowflake’s OAuth documentation for instructions.

2. Configure the connection in Omni

  1. In Omni, navigate to the connection settings page for your Snowflake connection.
  2. Fill in the fields as required.
  3. In the Authentication Type dropdown, select OAuth User Authentication.
  4. Enter the OAuth Client ID and OAuth Client Secret from the previous step into the respective fields.
  5. Save the connection settings.

Note: You must still configure a service account on this connection. Omni uses the service account to build the model, which provides the foundation for all user queries.

3. Verify the user experience

After saving, each Omni user will be prompted to authenticate with Snowflake the first time they run a query in a workbook or dashboard. This prompt reappears when their OAuth token expires.

Once authenticated, Omni uses the user’s database permissions in place of the service account for all queries that user runs.
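
A sketch of step 1 in Snowflake SQL, added here as an example and not taken from Omni's or Snowflake's documentation. It assumes Omni is registered as a custom confidential OAuth client; the integration name `omni_oauth`, the blocked role, the token lifetime and the redirect URI placeholder are assumptions, and the real redirect URI must come from Omni.

```sql
-- Assumption: run with a role that holds the CREATE INTEGRATION privilege.
USE ROLE ACCOUNTADMIN;

-- Hypothetical integration name; the redirect URI is a placeholder to be
-- replaced with the callback URL that Omni provides for your instance.
CREATE SECURITY INTEGRATION omni_oauth
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = 'https://<your-omni-host>/<oauth-callback-path>'
  -- Refresh tokens decide how long a user (or a schedule creator) can go
  -- before the re-authentication prompt described above appears again.
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  OAUTH_REFRESH_TOKEN_VALIDITY = 7776000   -- seconds (90 days), example value
  -- Roles listed here cannot be used for sessions opened through this client.
  -- Add any other high-privilege roles that should never query through Omni.
  BLOCKED_ROLES_LIST = ('SYSADMIN');

-- Review the resulting settings, including the authorization and token
-- endpoints, before handing the credentials to Omni.
DESC SECURITY INTEGRATION omni_oauth;

-- Returns a JSON document containing the client ID and client secrets that
-- are entered in step 2. Treat the output as a secret: avoid pasting it into
-- tickets or chat, and rotate it if it is exposed.
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('OMNI_OAUTH');
```

The service account configured on the connection is separate from this integration and is still required for model builds.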

Next steps

To ensure database permissions align with what users see in Omni, we recommend implementing:
  • Access grants to control which fields and tables are visible to each user in the model and field browser
  • Content permissions to control which dashboards and documents users can access