Managed credentials

The Posit Team Native App uses Snowflake OAuth, which lets users access Snowflake resources with their Snowflake identity, without configuring passwords or tokens. Posit Workbench manages per-user credentials within each session. Posit Connect allows access by content to Snowflake resources using viewer integrations and service account integrations.

Workbench and Connect need to be separately configured to use Snowflake OAuth integrations.

Workbench managed credentials

When you configure a Snowflake OAuth security integration for Workbench, a user session receives managed credentials derived from the Snowflake identity they signed in with.

Administrators enable managed credentials by configuring the Snowflake OAuth integration during setup. See Snowflake managed credentials in the Workbench setup guide.

Managed credentials power three common workflows:

  • Access Snowflake data: Query Snowflake directly from R and Python sessions using your own Snowflake identity. Connections, drivers, and tools such as the Snowflake Connector for Python and ODBC pick up the managed connection without further configuration.
  • Publish to Connect: Deploy content to a Snowflake-hosted Connect installation using your managed Snowflake connection, instead of configuring key-pair authentication. When both Workbench and Connect run inside Snowflake, managed credentials authenticate publishing between them. See Publish from within Snowflake for the deployment steps.
  • Use Snowflake Cortex models in Positron: Posit Assistant and assistant packages such as gander and chores use the Snowflake Cortex provider for generative AI features, reaching Cortex through your managed credentials.

For the full user workflow, see the Snowflake managed credentials documentation.

Connect OAuth integrations

Connect uses a separate Snowflake OAuth integration so that published content can query Snowflake on behalf of the viewer or publisher.

Administrators configure this integration during setup. See OAuth integrations in the Connect setup guide, and the Snowflake OAuth integration administrator documentation for the full configuration.

Publishers then add the integration to their content so it can access Snowflake at runtime. See Adding OAuth integrations to deployed content.

Back to top