Help & Documentation
Open Support Ticket

Gathering Data in Snowflake Account

This article describes a second step of Connecting to Snowflake MCP Server. Log into the Snowflake account and gather the necessary data.

Prerequisites:

  • Snowflake account with ACCOUNTADMIN privileges.

In this article:

Data for MCP Server Setup

During the MCP Server setup the following data is required. To get that data login into the Snowflake account.

1. "account" Value

Go to Admin > Accounts

  1. In the row of the account that has ACCOUNTADMIN privileges hover over the link icon to show the account's locator.
  2. Copy the xxxxxxx.us-east-2.aws part, this is the account value.

2. "database" and "schema" Values

Access Catalog

Copy the titles of database and schema used for the connection with MCP server.

3. "token" Value

Access User menu > Settings > Authentication

  1. [Generate new token]
  2. Name: Give the token a descriptive name.
  3. Expires in: Select the expiration period.
  4. Grant access: Select the account to which the access is given.
  5. [Generate]
  6. Copy the token and save it somewhere. Its impossible to see it ever again after you close this window.

4. Check Credentials

As a result, for MCP Server setup you need to have the following credentials copied:

  • account;
  • database;
  • schema;
  • token.

Credentials for Auth Type

To create a Snowflake External Resource Configuration with "Service Account Token" or "User OAuth" Auth Type, you will have to perform additional configurations in Snowflake account.

1. Access My Workspace

Return to Snowflake account and access Projects

Click [+ Add New] in My Workspace section and select "SQL File" from the dropdown menu to add a Security Integration.

2. Configure Security Integration

Add the following query into the text field:

CREATE SECURITY INTEGRATION [integration_name]_oauth
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' 
OAUTH_REDIRECT_URI = 'https://[instance].metricinsights.com/data/editor/service/validate-data-source-oauth' 
OAUTH_ISSUE_REFRESH_TOKENS = TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;

Replace [integration_name] with the name of Security Inegration and the [instance] with the name of Metric Insights instance where the Concierge you are connecting Snowflake with is configured.

3. Get OAUTH Client and Secret

Add the following query to the code:

SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('[INTEGRATION_NAME]_OAUTH');

NOTE: The Security Integration name must be capitalized.

After adding a query, click the run button.

In the Results tab, you’ll see the JSON with OAUTH_CLIENT_SECRET_2, OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET. Download the results file and copy OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET values from the table.

4. Get Server Value

Go to Admin > Accounts

  1. In the row of the account that has ACCOUNTADMIN privileges hover over the link icon to show the account's locator.
  2. Copy the xxxxxxx.us-east-2.aws.snowflakecomputing.com part, this is the Server address.

5. Check Credentials

As a result, you need to have the following credentials copied:

  1. OAUTH_CLIENT_ID;
  2. OAUTH_CLIENT_SECRET;
  3. Server address.
    • NOTE: Server value must be inserted without "https://" at the beginning and without ‘/’ at the end.