Reach out to Omni support to have database OAuth enabled.
OAuth types
Omni supports two OAuth modes for Snowflake. Both enforce per-user database permissions, but they differ in how users authenticate.Native OAuth
With native OAuth, users authenticate directly with the Snowflake’s built-in OAuth server. When a user runs a query for the first time, they’re prompted to sign in with their Snowflake credentials. This is the simpler option — it doesn’t require an external identity provider and can be configured entirely between Omni and Snowflake.Snowflake native OAuth
Set up native OAuth for Snowflake
External OAuth
With External OAuth, users authenticate through an external identity provider (IdP) such as Okta, Entra ID (Azure AD), or Ping Identity. The IdP issues a token that Snowflake trusts, so users sign in with their existing corporate identity rather than separate database credentials. This option is more complex to configure — it involves setup in the IdP, Snowflake, and Omni — but it centralizes authentication through the identity provider your organization already uses.Snowflake + Okta External OAuth
Set up federated OAuth for Snowflake connections using Okta
Limitations
Before enabling OAuth for Snowflake, review the Limitations for OAuth. These limitations apply to both Native and External OAuth.Related
- Access grants — Control which fields and tables are visible to each user in the model and field browser
- Content permissions — Control which dashboards and documents users can access