In this article we will explore setting up Tableau to Snowflake OAuth, when to user it, and how to embed your OAuth credentials. Connecting Tableau to Snowflake historically was achieved with end user passwords or system users where credentials could be embedded.
In 2025 you will be required to use a federated login via Okta, Key Pairs, or OAuth. In this article we will explore the Snowflake OAuth process.
When should you use Snowflake OAuth in Tableau?
While Snowlake OAuth works well for interactive logins, it’s not ideal for embedded credentials because:
User-Specific Tokens: If an OAuth token is revoked or changed, every connection that used that OAuth identity needs updating.
Token Expiration: OAuth tokens expire and need periodic re-authentication.
Setup Tableau Desktop and Server Snowflake OAuth Connectivity
Tableau is a partner app for Snowflake, so there are standard commands to allow Tableau desktop, server, and cloud to connect.
Within Snowflake you will need AccountAdmin or SecurityAdmin permissions to add and execute the following SECURITY INTEGRATION code.
Tableau Desktop
CREATE SECURITY INTEGRATION td_oauth_int1
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = TABLEAU_DESKTOP;Tableau Cloud / Server
CREATE SECURITY INTEGRATION ts_oauth_int1
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = TABLEAU_SERVER;Create and Login a Snowflake Connection in Tableau
Add a new Snowflake connection or edit the authentication for an existing connection
Login with your Snowflake credentials
Upon successful login and and confirmation with multi-factor authentication you will see a confirmation screen to confirm and then if successful you will see the following screen:
If you see an error, please make sure to login and not let too much time pass before taking each step as the process will time out.
Publishing Workbook with Embedded Password
We don’t recommend taking this approach unless you are the primary user or you are publishing for development and validation. For production, embedded credentials, we recommend using key pairs.
Some organizations build role based access to Tableau reports where database authentication is enabled by default.
If you attempt to embed a password for an OAuth connected Tableau report, you need to set your token on Tableau server:
Setup Snowflake OAuth Credentials on Tableau Cloud for
Setting up your Snowflake credentials on Tableau cloud simplifies your login process and eliminates keeping track of basic connection strings when you are already authenticated to Tableau server.
Open Tableau server or Tableau cloud
Click “My Account Settings”
Authenticate and grant access for Tableau to connect to Snowflake.
Your Snowflake instance is now enabled for you to author and embed credentials
Now, when you return to Tableau desktop, if you go to enable embedded credentials it will embed as your user.
Changing a Connection with Snowflake OAuth User to Existing Connection
If you have previously published a data source to Tableau cloud that was set as user/pw you can not modify it to OAuth. Instead you need to download the connection, adjust it and re-publish
If you open an existing data source you can adjust and add-new connections. This is quite helpful for scenarios where employees are no longer working for your organization. This does create a lot of risk and work, which is why we recommend key pair authentication for embedded credentials.
