SaaS Security Administrator's Guide
    : Onboard a Snowflake App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security Posture Management
    5. Onboard SaaS Apps Supported by SSPM
    6. Onboard a Snowflake App to SSPM
    Download PDF

    SaaS Security Administrator's Guide

    Onboard a Snowflake App to SSPM

    Table of Contents

    Onboard a Snowflake App to SSPM

    Connect a Snowflake App instance to SSPM to detect posture risks.
    For SSPM to detect posture risks in your Snowflake instance, you must onboard your Snowflake instance to SSPM. Through the onboarding process, SSPM logs in to Snowflake using administrator account credentials. SSPM uses this account to scan your Snowflake instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
    To onboard your Snowflake instance, you complete the following actions:

    Collect Information for Connecting to Your Snowflake Instance

    To access your Snowflake instance, SSPM requires the following information, which you will specify during the onboarding process.
    Item
    Description
    Account name
    The name of your Snowflake account.
    User email
    The login email address of a Snowflake administrator account.
    (
    Required Permissions
    ) The administrator must be assigned to the ACCOUNTADMIN role and the ORGADMIN role.
    Password
    The password for the Snowflake administrator account.
    As you complete the following steps, make note of the values of the items described in the preceding table. You will need to enter these values during onboarding to access your Snowflake instance from SSPM.
    1. Identify the Snowflake administrator account that SSPM will use to access your Snowflake instance. Verify that the administrator is assigned to both the ACCOUNTADMIN role and the ORGADMIN role.
      To verify that the account is assigned to the necessary roles, complete the following steps:
      1. From the left navigation pane in Snowflake, select
        Admin
        Users & Roles
        .
      2. Select the name of the user whose roles you want to verify.
      3. On the information page for the user, locate the Granted Roles section. Verify that the user is assigned to the ACCOUNTADMIN and ORGADMIN roles. If the user is not assigned to these roles, you can
        Grant Role
        .
    2. Identify your Snowflake account name.
      1. In the left navigation pane in Snowflake, select your account profile name at the bottom of the pane.
      2. Hover over the profile name and
        Copy account URL
      3. The URL that you copied includes your Snowflake account name. In the URL, the account name appears as a subdomain after the "https://" scheme and before the "snowflakecomputing.com" domain. The URL format is https://
        <account-name>
        .snowflakecomputing.com.

    Connect SSPM to Your Snowflake Instance

    By adding a Snowflake app in SSPM, you enable SSPM to connect to your Snowflake instance.
    1. From the Add Application page (
      Posture Security
      Applications
      Add Application
       ), click the Snowflake tile.
    2. Under posture security instances,
      Add Instance
       or, if there is already an instance configured,
      Add New
       instance.
    3. Choose the option to
      Log in with Credentials
      .
    4. Enter the user credentials and the account name.
    5. Connect
      .

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.