Ask or search…
K
Links

Snowflake

You can use CARTO with your data in a Snowflake data warehouse. To create a connection to your Snowflake account, simply select Snowflake in Connections > New Connection.
There are two available methods to connect to Snowflake:
  • Username and password: Just provide CARTO with a valid set of username and password. CARTO will use this credentials to impersonate that user or service account. This is the quickest method to connect to Snowflake. Read more about connecting to Snowflake via username/password.
  • Snowflake and External OAuth: Integrate CARTO and Snowflake via OAuth so that all the users in your organization can grant consent using the same login flow they already use to access Snowflake, including MFA or external identity providers such as Okta or Active Directory. This is the recommended setup, but it needs to be configured first by an admin. Read more about connecting to Snowflake via OAuth.

Connecting to Snowflake with Username and Password

These are the parameters you need to provide:
  • Name for your connection: You can register different connections with the Snowflake connector. You can use the name to identify the connections.
  • Database: Database your connection will use.
  • Username: Name of the user account.
  • Password: Password for the user account.
  • Account: Hostname for your account in the following format: <account_name>.snowflakecomputing.com.
  • Warehouse: Default warehouse that will run your queries. This parameter is optional.
Once you have entered the parameters, you can click the Connect button. CARTO will try to connect to your Snowflake account. If everything is OK, your new connection will be registered.

Connecting to Snowflake via OAuth

Important: in order to use the OAuth method in Snowflake, an admin needs to set up an integration in CARTO first. This integration will be available for all users regardless of their role. Read more about setting up an Snowflake and External OAuth integration.
If this integration is not present, all users will see a note instead, similar to this one.
CARTO supports connecting to Snowflake using OAuth, in two different modes:
Once an admin sets up an integration for any of the two modes (as seen above), there will be a new option in the connection creation process, available for all users.
Clicking on "Connect using OAuth" will trigger an authentication flow where users will have to input their Snowflake credentials for Snowflake OAuth, or their Azure/Okta/Other credentials for External OAuth. After you've successfully authenticated, you will be asked for consent so that CARTO can access your Snowflake data on your behalf, with the scopes listed in this screen.
Snowflake OAuth users also need to select previously the role that they will use for this Snowflake connection.
Example consent flow for an Snowflake OAuth integration. This consent flow would be via Azure AD, Okta or other identity provider External OAuth has been configured
If the OAuth connection is successful, you will move to the next step where the OAuth data (such as the user and account name) has already been pre-filled. Finish the connection setup by adding:
  • Name for your connection: You can register different connections with the Snowflake connector. You can use the name to identify the connections.
  • Database: Database your connection will use.
  • Warehouse: Default warehouse that will run your queries. This parameter is optional.
OAuth connections are tied to personal credentials for specific individuals and therefore they can't be shared across the organization.
After clicking on "Connect", CARTO will validate and test your setup. If the connection is successful, the connection will be added and you can start using it right away.

Advanced options

  • Analytics Toolbox location: This setting controls the location of the Analytics Toolbox used in SQL queries generated by Workflows components, Builder SQL Analyses, 'Create Tileset', 'Geocode Table' and 'Enrich Data' functionalities. By default, CARTO.CARTO will be used.
  • Data Observatory location: This settings controls the location of the Data Observatory subscriptions. This setting will be observed by Data Explorer, Workflows and Enrichment to access your data subscriptions. By default, CARTO-DATA.CARTOwill be used.
  • Workflows temp. location: This setting controls the location (DATABASE.SCHEMA) where Workflows will create temporal tables for each node. By default, it's a WORKFLOWS_TEMP schema that will be created in the connection's project during the execution of a workflow. Learn more about it here.

IP Whitelisting

If you're using the cloud version of CARTO (SaaS), CARTO will connect to Snowflake using a set of static IPs for each region. Check this guide to find the IPs you need to allow for your specific region.