SaaS Security
Onboard a Snowflake App to SSPM
Table of Contents
Onboard a Snowflake App to SSPM
Connect a Snowflake App instance to SSPM to detect posture risks.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Snowflake instance, you must onboard your
Snowflake instance to SSPM. Through the onboarding process, SSPM logs in to
Snowflake using administrator account credentials. SSPM uses this account to scan
your Snowflake instance for misconfigured settings. If there are misconfigured
settings, SSPM suggests a remediation action based on best practices.
To onboard your Snowflake instance, you complete the following actions:
Collect Information for Connecting to Your Snowflake Instance
To access your Snowflake instance, SSPM requires the following information, which
you will specify during the onboarding process.
| Item | Description |
|---|---|
| Account name | The name of your Snowflake account. |
| User email | The login email address of a Snowflake administrator
account. (Required Permissions) The
administrator must be assigned to the ACCOUNTADMIN role
and the ORGADMIN role. |
| Password | The password for the Snowflake administrator account. |
As you complete the following steps, make note of the values of the items
described in the preceding table. You will need to enter these values during
onboarding to access your Snowflake instance from SSPM.
- Identify the Snowflake administrator account that SSPM will use to access your Snowflake instance. Verify that the administrator is assigned to both the ACCOUNTADMIN role and the ORGADMIN role.To verify that the account is assigned to the necessary roles, complete the following steps:
- From the left navigation pane in Snowflake, select .
- Select the name of the user whose roles you want to verify.
- On the information page for the user, locate the Granted Roles section. Verify that the user is assigned to the ACCOUNTADMIN and ORGADMIN roles. If the user is not assigned to these roles, you can Grant Role.
Identify your Snowflake account name.- In the left navigation pane in Snowflake, select your account profile name at the bottom of the pane.
- Hover over the profile name and Copy account
URL
![]()
- The URL that you copied includes your Snowflake account name. In the URL, the account name appears as a subdomain after the "https://" scheme and before the "snowflakecomputing.com" domain. The URL format is https://<account-name>.snowflakecomputing.com.
Connect SSPM to Your Snowflake Instance
By adding a Snowflake app in SSPM, you enable SSPM to connect to your Snowflake instance.- From the Add Application page ( ), click the Snowflake tile.Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.Choose the option to Log in with Credentials.Enter the user credentials and the account name.Connect.
