Reach out to Omni support to have database OAuth enabled.
OAuth types
Omni supports two OAuth modes for Snowflake. Both enforce per-user database permissions, but they differ in how users authenticate.Native OAuth
With native OAuth, users authenticate directly with Snowflake’s built-in OAuth server. When a user runs a query for the first time, they’re prompted to sign in with their Snowflake credentials. This is the simpler option — it doesn’t require an external identity provider and can be configured entirely between Omni and Snowflake.Snowflake native OAuth
Set up native OAuth for Snowflake
External OAuth
With External OAuth, users authenticate through an external identity provider (IdP) such as Okta, Entra ID (Azure AD), or Ping Identity. The IdP issues a token that Snowflake trusts, so users sign in with their existing corporate identity rather than separate database credentials. This option is more complex to configure — it involves setup in the IdP, Snowflake, and Omni — but it centralizes authentication through the identity provider your organization already uses.Snowflake + Okta External OAuth
Set up federated OAuth for Snowflake connections using Okta
Snowflake + Microsoft Entra ID External OAuth
Set up federated OAuth for Snowflake connections using Microsoft Entra ID (Azure AD)
Warehouse configuration
Omni’s Snowflake OAuth integration supports per-user warehouse routing through a user’s assignDEFAULT_WAREHOUSE. This is useful for organizations that manage role-to-warehouse mappings in Snowflake for per-user or per-team cost attribution. Instead of pinning all users to a single warehouse in Omni, each user’s queries route to their assigned warehouse based on their Snowflake configuration.
Before implementing, note that:
- Your users must have an assigned
DEFAULT_WAREHOUSEin Snowflake to use this feature. Otherwise they’ll receiveNo active warehouseerrors when they try to run queries in Omni. - Model-level
compute_routingandwarehouse_overridesettings take precedence over user default warehouses.
Limitations
Before enabling OAuth for Snowflake, review the Limitations for OAuth. These limitations apply to both Native and External OAuth.Related
- Troubleshooting Snowflake OAuth - Diagnose and resolve common issues with Omni’s Snowflake OAuth integration
- Access grants — Control which fields and tables are visible to each user in the model and field browser
- Content permissions — Control which dashboards and documents users can access

