: Onboard a Snowflake App to SSPM
Focus
Focus

Onboard a Snowflake App to SSPM

Table of Contents

Onboard a Snowflake App to SSPM

Connect a Snowflake App instance to SSPM to detect posture risks.
For SSPM to detect posture risks in your Snowflake instance, you must onboard your Snowflake instance to SSPM. Through the onboarding process, SSPM logs in to Snowflake using administrator account credentials. SSPM uses this account to scan your Snowflake instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
To onboard your Snowflake instance, you complete the following actions:

Collect Information for Connecting to Your Snowflake Instance

To access your Snowflake instance, SSPM requires the following information, which you will specify during the onboarding process.
ItemDescription
Account nameThe name of your Snowflake account.
User emailThe login email address of a Snowflake administrator account.
(Required Permissions) The administrator must be assigned to the ACCOUNTADMIN role and the ORGADMIN role.
PasswordThe password for the Snowflake administrator account.
As you complete the following steps, make note of the values of the items described in the preceding table. You will need to enter these values during onboarding to access your Snowflake instance from SSPM.
  1. Identify the Snowflake administrator account that SSPM will use to access your Snowflake instance. Verify that the administrator is assigned to both the ACCOUNTADMIN role and the ORGADMIN role.
    To verify that the account is assigned to the necessary roles, complete the following steps:
    1. From the left navigation pane in Snowflake, select AdminUsers & Roles.
    2. Select the name of the user whose roles you want to verify.
    3. On the information page for the user, locate the Granted Roles section. Verify that the user is assigned to the ACCOUNTADMIN and ORGADMIN roles. If the user is not assigned to these roles, you can Grant Role.
  2. Identify your Snowflake account name.
    1. In the left navigation pane in Snowflake, select your account profile name at the bottom of the pane.
    2. Hover over the profile name and Copy account URL
    3. The URL that you copied includes your Snowflake account name. In the URL, the account name appears as a subdomain after the "https://" scheme and before the "snowflakecomputing.com" domain. The URL format is https://<account-name>.snowflakecomputing.com.

Connect SSPM to Your Snowflake Instance

By adding a Snowflake app in SSPM, you enable SSPM to connect to your Snowflake instance.
  1. From the Add Application page (Posture SecurityApplicationsAdd Application ), click the Snowflake tile.
  2. Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
  3. Choose the option to Log in with Credentials.
  4. Enter the user credentials and the account name.
  5. Connect.