Set Up a Snowflake Data Federation Connection

Set up a connection between Snowflake and Data Cloud to access the data. To set up a Snowflake data federation connection for Data Cloud, see Private Connect for Data Cloud.

User Permissions Needed
To create a Snowflake Data Federation connection in Data Cloud: System Admin profile or Data Cloud Architect permission set

Before you begin:

You can’t use an existing connection and change it to use Private Connect. This isn’t supported.

  1. In Data Cloud, go to Data Cloud Setup.

  2. Under External Integrations, select Snowflake.

  3. Click New.

  4. Enter a connection name and connection API name.

  5. If you want to use private key-based authentication, enter the private key details.

    You can’t use an encrypted private key. When you enter the key, don’t include BEGIN PRIVATE KEY at the start of the key and END PRIVATE KEY at the end.

    If you are using private key-based authentication, skip the next step and continue setting up your connection.

  6. If you want to use identity provider-based authentication, toggle the Use Salesforce IDP Auth button and copy the generated external ID. You must keep the connector window open until you finish configuring the authentication.

    1. In your Snowflake worksheet, open the SQL Editor and create a dedicated role for Data Cloud using this command.

      This role is attached to the Snowflake OIDC user and passes on its privileges and access.

    2. Grant access to the appropriate warehouse, database, and schema.

    3. If required, add object-level privileges.

    4. Create a service user of type WORKLOAD_IDENTITY (OIDC) using this SQL blurb as reference.

      Don't convert a human user to a service user. Create a new Snowflake service user specifically for Data Cloud.

      1. In the ISSUER field, enter your org’s My Domain URL followed by /services/connectors. For example, https://yourcompany.my.salesforce.com/services/connectors. See My Domain.

      2. For the SUBJECT field, enter the external ID copied from the Data Cloud new connection dialog box.

      3. For the OIDC_AUDIENCE_LIST field, enter your org’s My Domain URL. For example, https://yourcompany.my.salesforce.com.

    5. Attach the role to the service user that you created.

    6. Copy the OIDC username from the query and paste it in the Username field in Data Cloud.

  7. In the Account URL field, enter your Snowflake account URL.

  8. Click Next.

  9. Select a database, and click Save.
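
The Snowflake side of step 6 (substeps 1 through 6), written out as one worksheet script. This is an added example, not SQL from the original page or from Salesforce. The role, user, warehouse, database, and schema names are hypothetical, the SUBJECT value is a placeholder for the external ID copied from Data Cloud, and the read-only grant assumes the connection only needs to query data.

```sql
-- Added example. DATACLOUD_FED_ROLE, DATACLOUD_OIDC_SVC, ANALYTICS_WH and
-- SALES_DB.PUBLIC are hypothetical names; substitute your own objects.

-- 6.1: dedicated role, used by nothing except the Data Cloud connection.
CREATE ROLE IF NOT EXISTS DATACLOUD_FED_ROLE;

-- 6.2: access to exactly one warehouse, database, and schema.
GRANT USAGE ON WAREHOUSE ANALYTICS_WH TO ROLE DATACLOUD_FED_ROLE;
GRANT USAGE ON DATABASE SALES_DB TO ROLE DATACLOUD_FED_ROLE;
GRANT USAGE ON SCHEMA SALES_DB.PUBLIC TO ROLE DATACLOUD_FED_ROLE;

-- 6.3: object-level privileges. SELECT only (assumption: the federated
-- connection reads data and never writes to Snowflake).
GRANT SELECT ON ALL TABLES IN SCHEMA SALES_DB.PUBLIC TO ROLE DATACLOUD_FED_ROLE;

-- 6.4: a new service user, not a converted human user. The three OIDC
-- values tie the user to one Salesforce org and one Data Cloud connection:
--   ISSUER             = My Domain URL + /services/connectors
--   SUBJECT            = external ID generated in the new connection dialog
--   OIDC_AUDIENCE_LIST = My Domain URL
CREATE USER DATACLOUD_OIDC_SVC
  WORKLOAD_IDENTITY = (
    TYPE = OIDC
    ISSUER = 'https://yourcompany.my.salesforce.com/services/connectors'
    SUBJECT = '<EXTERNAL_ID_FROM_DATA_CLOUD>'  -- placeholder, paste the copied value
    OIDC_AUDIENCE_LIST = ('https://yourcompany.my.salesforce.com')
  )
  TYPE = SERVICE
  DEFAULT_ROLE = DATACLOUD_FED_ROLE
  DEFAULT_WAREHOUSE = ANALYTICS_WH
  COMMENT = 'Service identity for the Data Cloud federation connection';

-- 6.5: attach the role to the service user.
GRANT ROLE DATACLOUD_FED_ROLE TO USER DATACLOUD_OIDC_SVC;

-- 6.6: the NAME property in this output is the value for the Username
-- field in Data Cloud.
DESCRIBE USER DATACLOUD_OIDC_SVC;

-- Review before saving the connection: the role should hold only the
-- grants above, and the user should hold only this role.
SHOW GRANTS TO ROLE DATACLOUD_FED_ROLE;
SHOW GRANTS TO USER DATACLOUD_OIDC_SVC;
```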
