Snowflake integration

Integrate Identity Security Posture Management (ISPM) with your Snowflake account.

Generate SQL Command

  1. In the Identity Security Posture Management console, go to SettingsSources gallery.

  2. Select Snowflake.

  3. In the Source Name field, enter a name for this source.

  4. In the Generate SQL Command section, enter the following values:

    • Username / Login Name: Keep the default value or click Edit to make changes.

    • Role: Keep the default value or click Edit to make changes.

    • Warehouse name: Any standard extra-small warehouse. You can use an existing one or create one.

      If you exit the integration window, the values for these fields are reset.

  5. Click Generate SQL Command.

  6. Copy or download the SQL command that you created. You need it later.

To change values for any of these fields after generating a SQL command, you must generate a new SQL command.

Create a Snowflake user

  1. Sign in to Snowflake with an ACCOUNTADMIN role.

  2. Click Worksheets.

  3. Click + Create and select SQL Worksheet to add an SQL worksheet.

  4. Paste the SQL command you generated earlier in the worksheet.

  5. Click Run All.

  6. From the Results tab, copy the SNOWFLAKE_ACCOUNT identifier and store it safely.

Allowlist ISPM IP addresses

If your Snowflake account is restricted by network policies, follow theses steps to add the Okta ISPM server IP addresses to your allowlist:

  1. In Snowflake, use the sidebar to go to Admin Security Network Rules.

  2. Click + Network Rule.

  3. Enter a network rule name and choose where to create the rule.

  4. Select IPv4 as the Type.

  5. Select Ingress as the Mode.

  6. Under Identifiers, add the following IP addresses:

    • 18.98.16.160/27

    • 3.44.64.96/27

    • 3.40.0.96/27

    • 13.52.68.184

    • 54.193.209.206

    • 13.57.96.208

    • 184.72.14.192

    • 13.57.65.107

    • 13.57.96.250

  7. Click Create Network Rule.

  8. Go to the Network Policies tab.

  9. Click + Network Policy.

  10. Enter a network policy name.

  11. Click Allowed.

  12. Under Select rule, select the rule you created earlier.

  13. Click Create Network Policy.

Share the parameters with ISPM

  1. In the Identity Security Posture Management console, go to SettingsSources gallery.

  2. Select Snowflake.

  3. In the Snowflake Account Identifier field, enter the full Snowflake account identifier that you copied earlier.

  4. Click Submit.

    If you leave this screen before clicking Submit, the Snowflake account identifier field becomes inactive. You must re-enter the warehouse name and generate a new SQL command to enable the Snowflake account identifier field.