Passthrough Authentication - Snowflake

Extend your Snowflake role-level permissions into Astrato

Written by Christophe Costantini
Updated over a week ago

Introduction

Astrato supports security integration with Snowflake; this allows customers to use their existing authentication and authorization configuration, including roles, as they have applied them to their Snowflake platform.

Organizations using an Okta integration for Single Sign-On (SSO) with Snowflake can enable Enterprise Authentication so that each user of Astrato is individually identified in Snowflake and served only the content they are permitted to see.

Within a single Astrato dashboard or workbook, the permissions and access defined by your security protocols apply to:

  • table or view levels

  • individual rows or columns

  • data masking for specific users (e.g. linked to geographic restrictions)

  • length of time Astrato caches a user's credentials.

All these features work with the identity provider (IdP) that you’ve set up, so that a single workbook in Astrato shows a different set of data for each user.

Using Snowflake's row-level permissions and data masking in Astrato

Row-level permissions in Snowflake allow customers to restrict the rows in a table to specific users. Once security integration is configured between Astrato and Snowflake, no further permission setup is required in Astrato workbooks.

Every query sent from Astrato is automatically subject to the permissions configured in Snowflake, and those permissions are applied to the results.

In the diagram in Example 1, Jeremy can only see Europe’s sales data and Olivia can only see North America’s data based on the permissions configured in Snowflake.

Example 1 - Row-level security using SSO

In addition to row-level permissions, data masking can be applied in Snowflake based on the user's permissions.

In Example 2, Angelika and Peter have access to the same HR dashboard, created in a single workbook in Astrato, but Peter isn't allowed to see personal data.

Example 2 - Data masking using SSO in Snowflake applied to a dashboard in Astrato.
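
As an added illustration (not part of the original article and not Astrato's own code), the following Snowflake SQL shows how the policies behind Examples 1 and 2 could be defined on the Snowflake side. All table, column, role and policy names are assumptions, and the sample rows are constructed.

```sql
-- Constructed sample objects; all table, column, role and policy names are assumptions.
CREATE OR REPLACE TABLE sales (region STRING, amount NUMBER(12,2));
INSERT INTO sales VALUES ('Europe', 1200.00), ('North America', 3400.00);

-- Mapping table: which Snowflake role may read which region.
CREATE OR REPLACE TABLE region_access (role_name STRING, region STRING);
INSERT INTO region_access VALUES
  ('SALES_EUROPE', 'Europe'),                -- role assumed to be granted to Jeremy
  ('SALES_NORTH_AMERICA', 'North America');  -- role assumed to be granted to Olivia

-- Row-level permission (Example 1): a row is returned only when the session's
-- active role is mapped to that row's region. Unmapped roles match nothing.
CREATE OR REPLACE ROW ACCESS POLICY sales_region_policy
  AS (row_region STRING) RETURNS BOOLEAN ->
    EXISTS (
      SELECT 1
      FROM region_access
      WHERE role_name = CURRENT_ROLE()
        AND region = row_region
    );
ALTER TABLE sales ADD ROW ACCESS POLICY sales_region_policy ON (region);

-- Data masking (Example 2): only the assumed HR_FULL role reads the raw value.
CREATE OR REPLACE TABLE employees (name STRING, department STRING, home_address STRING);
INSERT INTO employees VALUES ('A. Example', 'Finance', '1 Constructed Street');

CREATE OR REPLACE MASKING POLICY personal_data_mask
  AS (val STRING) RETURNS STRING ->
    CASE
      WHEN CURRENT_ROLE() = 'HR_FULL' THEN val
      ELSE '*** masked ***'
    END;
ALTER TABLE employees MODIFY COLUMN home_address SET MASKING POLICY personal_data_mask;

-- Run the same queries under different roles to compare what each one returns
-- (the roles must already exist and hold SELECT on the tables).
USE ROLE SALES_EUROPE;
SELECT region, SUM(amount) AS total FROM sales GROUP BY region;
USE ROLE HR_LIMITED;  -- assumed role for a user without access to personal data
SELECT name, home_address FROM employees;
```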

Creating access integration in Snowflake for Astrato

  1. Connect to your Snowflake tenant

  2. On a worksheet in Snowflake, run a query to create an OAuth connection that pulls in your client ID and client secret.

The remaining steps are the same as for setting up Enterprise Authentication in Astrato.