Connecting to Snowflake
Kyomi supports two authentication methods for Snowflake. Choose the one that best fits your organization's security requirements.
Which authentication method should I use?
| Method | Best For | Setup Complexity |
|---|---|---|
| Username/Password | Quick setup, individual access | Easy |
| OAuth | Enterprise SSO, per-user audit trails | Advanced |
Connection Details
Before configuring authentication, you'll need your Snowflake account identifier.
Account Identifier
Your account identifier is found in your Snowflake URL:
- Format:
<account_identifier>(e.g.,xy12345.us-east-1ormyorg-myaccount) - Where to find it: Look at your Snowflake URL -
https://xy12345.us-east-1.snowflakecomputing.com - The account identifier is the part before
.snowflakecomputing.com
Optional Settings
After connecting, you can configure:
- Warehouse: Compute warehouse for running queries
- Default Database: Database to use when not specified in queries
- Default Schema: Schema to use (usually
PUBLIC) - Role: Snowflake role for access control
Method 1: Username/Password
The simplest way to connect using your Snowflake username and password.
Prerequisites
- Snowflake user account with appropriate permissions
- Password authentication enabled for your account
Setup Steps
- In the datasource modal, select Snowflake as the datasource type
- Enter your Account Identifier (e.g.,
xy12345.us-east-1) - Click Connect to test the connection
- Select your Warehouse from the dropdown
- Optionally select a Default Database and Schema
- Enter your Snowflake Username and Password
- Click Save
Required Permissions
Your Snowflake user needs:
USAGEprivilege on the warehouseUSAGEprivilege on databases and schemas you want to querySELECTprivilege on tables you want to read
Method 2: OAuth (Enterprise)
Configure OAuth for enterprise SSO integration. Users authenticate with their corporate credentials.
Prerequisites
- Snowflake account with OAuth configured
- OAuth Security Integration created in Snowflake
- Access to create OAuth clients
Step 1: Create Security Integration
In Snowflake, create an OAuth integration:
sql
CREATE OR REPLACE SECURITY INTEGRATION kyomi_oauth
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = 'https://app.kyomi.ai/auth/oauth/snowflake/callback'
OAUTH_ISSUE_REFRESH_TOKENS = TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = 86400;Step 2: Get Client Credentials
sql
-- Get the client ID and secret
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('KYOMI_OAUTH');Step 3: Configure in Kyomi
- In the datasource modal, select Snowflake
- Enter your Account Identifier
- Click Connect
- Select your Warehouse, Database, and Schema
- Choose OAuth as the authentication method
- As an admin, enter the OAuth Client ID and Client Secret
- Click Save
- Each user clicks Connect with Snowflake to authenticate
Catalog Indexing
Configure which databases Kyomi should index for AI-assisted queries.
Databases to Index
Select the databases you want Kyomi to index:
- Tables and columns from these databases will appear in the catalog
- The AI will use this information to help write queries
- Leave empty to index all accessible databases
Troubleshooting
"Invalid account identifier" error
- Ensure you're using the correct format (e.g.,
xy12345.us-east-1) - Check if your organization uses a custom account name
"Warehouse not found" error
- Verify the warehouse exists and is running
- Check that your user has
USAGEprivilege on the warehouse
"Authentication failed" error
- For password auth: Verify username and password are correct
- For OAuth: Check that the security integration is enabled and credentials are correct
Can't see expected databases/schemas
- Verify your user/role has
USAGEprivilege on the databases - Check role hierarchy if using a specific role