Activity Insights - Snowflake

To display activity data from Snowflake, you can set up a single SaaS connector or configure both a virtual appliance (VA) and Activity Insights - Snowflake connector.

Configuring Activity Insights Using the Snowflake SaaS Connector

If you are using the Snowflake SaaS connector, follow the connector guide to enable Activity Insights.

After a successful test connection, you must correlate accounts and run an aggregation for the Snowflake SaaS source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Configuring Activity Insights Using a VA-Based Source

If you are setting up Activity Insights using a VA-based connector, you must first configure your Snowflake account. You'll then configure both the Snowflake identity governance and Activity Insights - Snowflake connectors so that Identity Security Cloud can gather your account information and display activity data.

Configuring your Snowflake Account

To display Snowflake activity data in Identity Security Cloud, you'll first need to create a Snowflake account and generate an encrypted private key. You'll then grant the Snowflake account the required permissions as well as the ACCOUNTADMIN role. This role combines the SYSADMIN and SECURITYADMIN system-defined roles and can be granted using the GRANT ROLE ACCOUNTADMIN TO USER "UserName"; command.

Configuring the Snowflake Identity Governance Source

Follow the directions to configure your Snowflake source in IdentityNow. You can also edit an existing source.

Configuring the Activity Insights - Snowflake Connector

To display activity data from Activity Insights, you must configure the Activity Insights - Snowflake source in IdentityNow.

Go to Admin > Connections > Sources.
Select Create New to create a new source.
Search for and select the Activity Insights - Snowflake connector.
Enter a name and description for the source.
In the Source Owner field, enter the name of an owner. Matches appear after you type two letters.
(Optional) Select a governance group for source management.
Select the checkbox if the source is an authoritative source. 
Select Continue to create the source.
Select Configuration from the left panel.
Enter the following information:
- Base URL - The Base URL is in the format <account_identifier>.snowflakecomputing.com, where the account identifier is a combination of <orgname>-<account_name>.
- Authentication Type - Select Key Pair Authentication.
- Organization - Your organization's name in Snowflake. You can find this information by using the Show Organization Accounts command and viewing the organization_name column.
- Account - The name of the Snowflake account. You can also find this information by using the Show Organization Accounts command and viewing the account_name column.
- Username - The username used to log in to the Snowflake account.
- Private Key - The Private Key used to authenticate the Snowflake account. The provided key must be an unencrypted private key.
- Passphrase - The passphrase used to validate the private key.
Select Save to save these settings.
Select Review and Test from the left panel.
Select Test Connection to test the connection between the applications. You must have a successful connection for IdentityNow to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support.

To gather account data, you must correlate accounts and run an aggregation for the Snowflake identity governance source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.