Connect to Snowflake to query and analyze your cloud data warehouse. Supports tables with geography columns for spatial analysis.
Connect to Snowflake
- Click Add data in the Layers panel
- Go to the Connections tab
- Select Snowflake
- Fill in the connection parameters
- Click Create Connection
Connection Parameters
| Parameter | Required | Description |
|---|---|---|
| Connection Name | Yes | A friendly name to identify this connection |
| Account Identifier | Yes | Your Snowflake account (e.g., ORGNAME-ACCOUNTNAME) or full Account URL |
| Username | Yes | Your Snowflake username (not required for OAuth) |
| Warehouse | Yes | Warehouse to use for queries |
| Database | Yes | Default database to connect to |
| Schema | Yes | Default schema (default: PUBLIC) |
| Role | No | Role to use for this connection |
Find your account identifier in Snowsight under Admin → Accounts. The Account URL format (https://ORGNAME-ACCOUNTNAME.snowflakecomputing.com) is also accepted.
Authentication Methods
Choose one of four authentication methods:
Access Token (Recommended)
Use a programmatic access token (PAT) for secure authentication without storing passwords.
- Go to Snowsight → User menu → My Profile
- Click Access Tokens → Generate Token
- Copy and paste the token into Atlas
OAuth
Use Snowflake's browser-based OAuth flow. This is the recommended alternative when your organization's network policy blocks programmatic access tokens.
OAuth requires a Security Integration configured by a Snowflake ACCOUNTADMIN.
Step 1 — Create a Security Integration in Snowflake:
When you select OAuth in Atlas, the connection form displays the exact CREATE SECURITY INTEGRATION SQL to run, with the Atlas redirect URI pre-filled. Copy it and run it in Snowflake as an ACCOUNTADMIN or SECURITYADMIN.
Step 2 — Authorize in Atlas:
- Select OAuth as the authentication method
- Enter your Account Identifier or paste the full Account URL
- Select the Role to use — note that ACCOUNTADMIN and SECURITYADMIN are blocked by Snowflake's OAuth policy; use a standard role
- Click Authorize with Snowflake to complete the OAuth handshake in a popup window
Atlas stores the refresh token and re-authorizes automatically. No passwords or private keys are stored.
Private Key
Use RSA key-pair authentication for enhanced security.
- Generate a key pair in PKCS#8 format:
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
- Register the public key with your Snowflake user
- Upload the
.p8file or paste the PEM key in Atlas
Password
Standard username and password authentication. Less secure than token or key-based methods.
Working with Data
After connecting, browse available schemas and tables. Select the data you want to import and click Add to Project. Tables with Snowflake Geography columns import as vector layers.
Network Policies
If your Snowflake account uses network policies, add these Atlas IP addresses to your allowed list:
116.16.129.130
251.20.23.178
313.50.71.210
451.21.188.73Troubleshooting
| Issue | Solution |
|---|---|
| Invalid Account | Check account format: ORGNAME-ACCOUNTNAME. Find in Admin → Accounts |
| Authentication Failed | Verify credentials match the selected auth method. |
| Warehouse Not Found | Confirm warehouse name and that your user has access. |
| Database/Schema NotFound | Check names are correct. Snowflake identifiers are case-insensitive. |
| Permission Denied | Verify role has SELECT privileges on the target tables. |
| OAuth: role blocked | ACCOUNTADMIN and SECURITYADMIN cannot be used with OAuth. Switch to a standard role in your Security Integration. |