# Snowflake

{% hint style="info" %}
Installing P0 on Snowflake takes about 5 minutes.
{% endhint %}

### Before you begin

You'll need privileges to create users and roles, manage grants, and create databases, shemata, and procedures. You can gain these privileges via the `ACCOUNTADMIN` role.

### Setting up Snowflake

1. Navigate to "Integrations" on [p0.app](https://p0.app), then select "Snowflake". Select "IAM management" from the list of available components:

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-49ff1d2b2407989c42579125f3080f29e7b506c9%2Fimage%20(117).png?alt=media" alt=""><figcaption></figcaption></figure>

2. Click "Add Account":

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-5fdb55bc9271df573a22f02e389778f410d36b18%2Fimage%20(118).png?alt=media" alt=""><figcaption></figcaption></figure>

3. Enter your Snowflake account identifier, then click "Next":

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-2a65cc4cf533225527b5c4d4d8f25f86ad5553a0%2Fimage%20(62).png?alt=media" alt=""><figcaption></figcaption></figure>

4. You'll see a list of SQL commands to run on your Snowflake account. Create a worksheet in the account, run this SQL in the worksheet, then click "Next":

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-17d122004461b767bb963193d1b955ed29a54e5c%2Fimage%20(66)%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

5. Select your desired configuration options and then click "Finish" to complete the installation. See [Configuring Snowflake](#configuring-snowflake) below for more information about these settings:

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-c6ecd86816d918c18d521ae6d42ef9dff2df9cc9%2Fimage%20(59)%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

### Configuring Snowflake

1. Choose a default warehouse for generated roles. When P0 creates a role, it will grant access to run queries on this warehouse. You can leave this blank, but users will need to manually specify a warehouse for each request.
2. Choose how users are provisioned in the account:
   1. If users are manually provisioned, and their email address appears in the user object's EMAIL column, choose "Manually, with email in EMAIL".
   2. If users are manually provisioned, and their email address appears in the user object's LOGIN\_NAME column, choose "Manually, with email in LOGIN\_NAME".
   3. If users are provisioned via SCIM, choose the "By SCIM via membership in ..." option corresponding to the directory group that is used to provision users. When choosing this option, P0 will dynamically provision users in Snowflake as access is needed, and remove them when they no longer need access.

{% hint style="warning" %}
SCIM provisioning only works with the Okta directory.
{% endhint %}

That's it. You're ready to make least-privileged, just-in-time requests with Snowflake using p0!