> ## Documentation Index
> Fetch the complete documentation index at: https://docs.omni.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring native OAuth for Snowflake databases

> Configure native Snowflake OAuth, allowing each Omni user to authenticate with their Snowflake credentials when running queries.

<Note>
  For authenticating Snowflake users with Okta, see [Snowflake + Okta External OAuth](/connect-data/oauth/snowflake/external-okta).
</Note>

## Requirements

To follow the steps in this guide, you'll need:

* **In Omni**:
  * To have the [**OAuth database connection**](/connect-data/oauth) feature enabled
  * **Organization Admin** permissions
  * **An existing Snowflake connection.** Refer to [Connecting a Snowflake database](/connect-data/setup/snowflake) before continuing.
* **A Snowflake service account with access to all schemas and tables you want to use in Omni**. This is required even when OAuth is enabled, because Omni uses the service account to build the model.

<Warning>
  Before continuing, review the [OAuth limitations](/connect-data/oauth#limitations).
</Warning>

## Setup

<Steps>
  <Step title="Create a Snowflake OAuth integration" titleSize="h3">
    Create an OAuth integration in Snowflake using `https://callbacks.omniapp.co/callback/oauth` as the `OAUTH_REDIRECT_URI`, then retrieve the **Client ID** and **Client Secret**. Refer to [Snowflake's OAuth documentation](https://docs.snowflake.com/en/user-guide/oauth-intro) for instructions.
  </Step>

  <Step title="Configure the connection in Omni" titleSize="h3">
    <Note>
      You must still configure a service account on this connection. Omni uses the service account to build the model, which provides the foundation for all user queries.
    </Note>

    This guide assumes you have an existing Snowflake connection in Omni. If you don't, refer to [Connecting a Snowflake database](/connect-data/setup/snowflake) for more information.

    1. In Omni, navigate to **Settings > Connections** and click on the Snowflake connection you want to use.
    2. In the **Authentication Type** dropdown, select **OAuth User Authentication**.
    3. Enter the **OAuth Client ID** and **OAuth Client Secret** from the previous step into the respective fields.
    4. Save the connection settings.
  </Step>

  <Step title="Verify the user experience" titleSize="h3">
    After saving, each Omni user will be prompted to authenticate with Snowflake the first time they run a query in a workbook or dashboard. This prompt reappears when their OAuth token expires.

    Once authenticated, Omni uses the user's database permissions in place of the service account for all queries that user runs.
  </Step>
</Steps>

## Next steps

To ensure database permissions align with what users see in Omni, we recommend implementing:

* [**Access grants**](/modeling/models/access-grants) to control which fields and tables are visible to each user in the model and field browser
* [**Content permissions**](/administration/users/permissions) to control which dashboards and documents users can access