Cortex Agents for Microsoft Teams and Microsoft 365 Copilot¶
Introduction¶
For most teams, accessing timely data insights means context-switching between dedicated analytics platforms and communication tools, leading to delays and reduced productivity. Integrating an agentic AI system into Microsoft Teams can bring the answers directly to where conversations and decisions happen, accelerating the flow of information across your business. But building a secure, in-chat analytics solution that is both powerful and intuitive is a significant undertaking. Fortunately, Snowflake has built one for you.
The Snowflake Cortex Agents integration for Microsoft Teams and Microsoft 365 Copilot embeds Snowflake’s conversational AI agents into your business communication platform. Business teams and non-technical users can interact with their Snowflake structured data using simple, natural language, receiving direct answers and visualizations without leaving their Teams chats or the broader Microsoft 365 ecosystem. The integration is available via Microsoft AppSource for seamless deployment.
Key features¶
Seamless analytics via natural language. Delight your business decision-makers by empowering them to get insights themselves within the Microsoft Teams and Microsoft 365 Copilot interfaces. Users can ask questions conversationally and receive accurate, LLM-powered answers in text, tabular, or chart form on the fly, dramatically accelerating data-driven decision-making.
Dual interfaces for comprehensive workflows. Cortex Agents for Microsoft Teams offer two distinct interfaces to support different business needs. Use the standard Teams Application for dedicated, in-depth analysis within a Teams Bot application chat, or leverage the Microsoft 365 Copilot Agent to bring targeted Snowflake insights into your wider conversational workflow within the Microsoft 365 Copilot ecosystem.
Powered by Snowflake Cortex Agents. This integration is powered by the Snowflake Cortex Agents API, which handles the complexities of generating accurate, reliable insights from your data. The agentic system intelligently interprets user requests and generates responses, saving your teams from having to build complex conversational AI patterns or manage underlying models.
Enterprise-grade security and governance. Built on Snowflake’s privacy-first foundation, the integration ensures you can confidently explore AI-driven use cases. This means:
Your data stays within Snowflake’s governance boundary. User prompts are sent to the Cortex Agents API, but the underlying data queried to generate an answer never leaves Snowflake’s secure environment. The resulting SQL query is executed within your Snowflake virtual warehouse.
Seamless integration with Snowflake’s privacy and governance features. The integration fully respects Snowflake’s role-based access control (RBAC). All queries executed on behalf of a user adhere to their established permissions, guaranteeing that users can only see data they are authorized to access.
Set up integration¶
Cortex Agent’s Microsoft Teams integration allows organization administrators to connect multiple Snowflake accounts to the Teams and Copilot workspaces in their organizations. Setting up the integration involves a few simple steps, summarized below:
Tenant-wide setup by Azure administrator. The integration requires a one-time setup by a Microsoft Azure administrator to grant consent for the Snowflake application within the Azure Active Directory (AAD) tenant. This step enables secure OAuth 2.0 authentication for the integration.
Snowflake security integration. After the Azure administrator has completed the tenant-wide setup, a Snowflake administrator must configure a security integration for each individual Snowflake account that they wish to connect to the Microsoft Teams or M365 Copilot application. This step ensures that the integration can securely access the necessary data within each Snowflake account.
Linking accounts to the bot. Once the security integration is configured, the Snowflake administrator can link the Snowflake account to the Microsoft Teams or M365 Copilot bot. This step allows the bot to access the data and functionality of the Snowflake account, enabling users to interact with their data directly within Teams or Copilot.
Prerequisites¶
Before you begin the integration process, make sure you have established the following:
Administrator access. Setup requires administrative access on both Snowflake and your Microsoft tenant.
Snowflake account region: Your Snowflake account must be hosted in the Azure East US 2 region. Snowflake intends to support additional regions as this preview progresses.
Snowflake administrative privileges: Your Snowflake user must have access to the ACCOUNTADMIN or SECURITYADMIN role. These permissions are required to create the necessary security integration object in your Snowflake account.
Microsoft administrative privileges: You Azure user must have Global Administrator privileges (or an equivalent role) for your Microsoft Entra ID tenant. These privileges are required to grant the necessary tenant-wide admin consent for the application.
Microsoft tenant ID: You need your organization’s Microsoft tenant ID to configure the Snowflake security integration. For more information on finding your organization’s Tenant ID, see Get subscription and tenant IDs in the Azure portal.
Individual User Accounts: Every end user must have their own Microsoft and Snowflake user accounts.
End-user licensing: Users must have the appropriate Microsoft licenses to access Microsoft Teams. A Copilot license is also required if you plan to use the integration with Microsoft 365 Copilot.
Step 1: Tenant-wide Entra ID configuration¶
To enable secure authentication for Cortex Agents, a Microsoft Azure administrator must grant consent for two applications hosted in Snowflake’s tenant, creating a service principal for each application within your Entra ID tenant. The two applications are:
Cortex Agents Bot OAuth Resource: Represents the protected Snowflake API and defines the access permissions (scopes) for client applications.
Cortex Agents Bot Snowflake OAuth Client: Represents the client application, in this case the Teams application back end service, that calls the Snowflake API after requesting an access token.
Instructions for granting consent for these applications are provided below. The process is very similar for both applications, but the specific permissions and scopes differ slightly.
Granting consent for OAuth Resource principal¶
To grant consent for the Cortex Agents Bot OAuth Resource application service principal:
In your browser, navigate to
https://login.microsoftonline.com/<tenant-id>/adminconsent?client_id=5a840489-78db-4a42-8772-47be9d833efe, wheretenant-idis your organization’s Microsoft tenant ID.If you are not already signed in, you will be prompted to do so.
A Permission requested dialog appears, showing the permission that the application requires.
Select Accept to grant the requested permission.
Granting consent for OAuth Client principal¶
This process displays two dialogs. Each is similar to the one for the OAuth Resource principal, but the permissions requested are different.
To grant consent for the Cortex Agents Bot Snowflake OAuth Client application service principal:
In your browser, navigate to
https://login.microsoftonline.com/<tenant-id>/adminconsent?client_id=bfdfa2a2-bce5-4aee-ad3d-41ef70eb5086, wheretenant-idis your organization’s Microsoft tenant ID.A Permissions requested (1 of 2) dialog appears, showing one set of permissions that the application requires.
Select Accept to grant the requested permissions.
The second permission dialog appears (Permissions requested (2 of 2)).
Select Accept to grant the requested permissions.
Important
You may see an error message stating that a required query string parameter was missing, like the following.
{
"error": {
"code": "ServiceError",
"message": "Missing required query string parameter: code. Url = https://unitedstates.token.botframework.com/.auth/web/redirect?admin_consent=True&tenant=<TENANT-ID>"
}
}
You can safely ignore this error. Consent was still granted successfully. To be sure, confirm the permissions were granted successfully by following the instructions in the next section.
Confirming permission grants¶
After granting consent for both applications, you can confirm that the permissions were granted successfully by checking the Enterprise applications section of the Microsoft Entra ID portal.
Log in to the Microsoft Entra admin center if necessary.
Navigate to Enterprise Applications by typing “enterprise applications” in the search box, then selecting Enterprise applications in the results.
In the All applications list, find the two applications for which you just granted consent: Snowflake Cortex Agents Bot OAuth Resource and Snowflake Cortex Agents Bot OAuth Client. An easy way to do this is to search for “Snowflake Cortex Agent.”
If both applications appear in the list, permissions have been correctly granted. If one or both applications are missing, try granting consent again.
Step 2: Snowflake security integration¶
Integrating Snowflake with Microsoft Teams requires a security integration that establishes cryptographic trust between your Snowflake account and your Entra ID tenant. This process requires:
Enabling Entra ID as an external OAUth provider in Snowflake.
Preparing the definition for the Cortex Agent and other required objects.
Making sure the users who will use the agent have permission to access the agent’s Snowflake objects.
Enabling Entra ID as an external OAuth provider¶
A Snowflake security integration object represents an integration with an external OAuth provider, in this case Microsoft Entra ID. This integration allows Snowflake to authenticate users who are logged into Microsoft Teams or Copilot.
The following SQL statement is an annotated template for creating the integration. This command must be
executed by a role with ACCOUNTADMIN privileges. Replace the tenant-id placeholders with your Microsoft
Tenant ID.
CREATE OR REPLACE SECURITY INTEGRATION entra_id_cortex_agents_integration
TYPE = EXTERNAL_OAUTH
ENABLED = TRUE
EXTERNAL_OAUTH_TYPE = AZURE
EXTERNAL_OAUTH_ISSUER = 'https://login.microsoftonline.com/<tenant-id>/v2.0'
EXTERNAL_OAUTH_JWS_KEYS_URL = 'https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys'
EXTERNAL_OAUTH_AUDIENCE_LIST = ('5a840489-78db-4a42-8772-47be9d833efe')
EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM = ('email', 'upn')
EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE = 'email_address'
EXTERNAL_OAUTH_ANY_ROLE_MODE = 'ENABLE'
See CREATE SECURITY INTEGRATION (External OAuth) for a complete reference of the parameters available for this command.
Together, the EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM and EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE parameters link an Entra ID identity to a Snowflake identity. For authentication to succeed, the value of the specified claim in the JWT must exactly match the value of the specified attribute on a user object in Snowflake. The two main configurations Snowflake recommends are:
Mapping by User Principal Name (UPN): Set the EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM parameter to ‘upn’ and the EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE parameter to ‘LOGIN_NAME’.
Mapping by email address: Set the EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM parameter to ‘email’ and the EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE parameter to ‘EMAIL_ADDRESS’.
The example statement above uses the email address mapping configuration, but also specifies UPN in the EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM parameter, allowing you to change the mapping method by changing only the EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE.
The example statement also enables EXTERNAL_OAUTH_ANY_ROLE_MODE, so that the user’s default role is used.
For more information on OAuth scopes, see Scopes.
Prepare the Cortex Agent definition¶
Once security integration is configured, you must prepare the agent’s environment and definition within Snowflake. This involves creating the necessary database objects and defining the agent’s logic in a single JSON object. The definition specifies the agent’s instructions, its tools (like Cortex Analyst and Cortex Search), and the resources for those tools. The schema definition follows the Cortex Agent API request body schema with some additions. The following is the top-level structure of the JSON object:
{
"model": ...,
"response_instruction": ...,
"experimental": ...
"tools": ...
"tool_resources": ...
"tool_choice": ...
"starter_prompts": ...
}
Upload the agent definition to a Snowflake stage and make sure it is accessible to all end users who will use the agent.
You can enhance the user experience by setting two optional fields for search results and conversational guidance:
Search citations can be provided a human-readable title and a direct link to the source document by supplying two optional fields in the
tool_resourcesdefinition of the search tool:title_columnis a column that contains the human-readable title of a document.id_columnis a column that contains a unique identifier for the document, which Cortex Search uses to construct a link to the document.
Starter prompts can be provided to guide users in formulating their questions in the
starter_promptsfield at the top level of the agent definition.{ .... "starter_prompts": ["prompt #1", "prompt #2", ...], ... }
Grant required privileges to end users¶
For end users to successfully interact with a Cortex Agent in Teams, their default Snowflake role (or other designated role) must have privileges grants on all the underlying objects:
All grants listed in the access control requirements section of the Cortex Agents topic
READ access to the stage containing the agent’s JSON definition
USAGE on the warehouse assigned to the agent
Step 3: Setting up the Teams app and connecting your Snowflake account¶
The final step in the integration process is to set up the Microsoft Teams application and connect it to the Snowflake users who will use it. This requires you to complete the following tasks:
Install the Cortex Agents app from the Teams store
Connect your Snowflake account to the Teams application
Install the app from the Teams store¶
All users must install the Cortex Agents app from the Microsoft Teams store. To install the app, search for “Snowflake Cortex Agents” in the Teams app store, then click Add to install the app.
Note
Depending on your organization’s Microsoft Teams policies, a Teams Administrator may need to approve the app before it is available to users. See Overview of app management and governance in Teams admin center for instructions.
Connect your Snowflake account to the Teams app¶
The first user to interact with the Cortex Agents app in Teams is prompted to connect their Snowflake account to the app. This user must have the ACCOUNTADMIN or SECURITYADMIN role in Snowflake for this step to succeed.
To recap, every user’s default role in Snowflake must have the required privileges to access the agent’s objects, as described in the access control requirements section of the Cortex Agents topic, along with READ access to the stage containing the agent’s JSON definition and USAGE on the agent’s warehouse. (The user’s default role is specified by the DEFAULT_ROLE setting in the user’s profile.)
Security integrations block the main Snowflake administrative roles by default. Therefore, you cannot use administrative roles such as ACCOUNTADMIN as the default role for the user that will set up the Teams bot. For information on this restriction, see BLOCKED_ROLES_LIST in the CREATE SECURITY INTEGRATION topic.
Snowflake recommends you create a dedicated, non-administrative role with the required permissions and set it as the default for the setup user. Alternatively, use the SECONDARY ROLES mechanism to grant the additional permissions without altering the user’s primary default role, as follows:
GRANT ROLE <integration_specific_role> TO USER <user_name>;
ALTER USER <user_name> SET DEFAULT_SECONDARY_ROLES = ('<integration_specific_role>');
To set up the Teams bot, follow these steps:
Click I’m the Snowflake administrator, below the notice stating that an administrator needs to configure Snowflake for the Teams enticement, to begin the process.
Provide your Snowflake account URL where indicated.
To find this URL, log in to Snowsight and click the account selector in the bottom left corner of the page. The hostname portion of the URL is displayed at the top of the menu and is in the format
your-organization-your-account. The full URL isyour-organization-your-account.snowflakecomputing.com.The configuration wizard verifies that the URL leads to a valid Snowflake instance in the Azure US East 2 region and confirms that your user has access to it and has the required administrative privileges.
Note
You may see a warning instructing you to ensure that the security integration uses “Microsoft identity platform access token v2.0’. You can safely ignore this warning; the Snowflake security integration token format is compatible.
After this verification passes, a form appears requesting the following configuration details:
Account alias: A user-friendly name for this Snowflake account which appears in the Teams interface, for example “Sales Analytics.”
Agent definition path: The fully-qualified path to the agent’s JSON definition file in a Snowflake stage, in the format
@stage_name/path_to_definition_file, such as@my_cortex_agents/my_agent.json.Default warehouse: The name of the Snowflake warehouse that the agent uses to run queries.
Enter this information, then click Finalize account configuration.
After the setup passes final validation, the Teams app is connected to your Snowflake account and the agent is ready to use.
Tip
Once you have connected your Snowflake account to the Cortex Teams app, you can connect additional Snowflake accounts to the same app by logging into the Teams app with a user that has the necessary privileges and issuing the “add new account” command in the chat.
Using the Cortex Agent¶
After the integration is set up, the bot appears in the Microsoft Teams interface, allowing your users to interact with it in a private chat. Users ask questions in natural language, and the bot responds with answers based on Snowflake data.
In Microsoft 365 Copilot, your users can interact with the agent in the context of their broader workflow, asking questions and receiving answers about their Snowflake data within the Copilot interface.
Security considerations¶
The Cortex Agents integration for Microsoft Teams is designed with security in mind, leveraging Snowflake’s existing security features and Microsoft Entra ID’s authentication capabilities. The integration ensures that user data remains secure and that access is controlled through Snowflake’s role-based access control (RBAC) system.
End-to-end authentication flow¶
To understand the security implications of using the Cortex Agents integration for Microsoft Teams, it is important to understand the end-to-end authentication flow. This process involves the following steps:
User interaction: A user sends a message to the Snowflake Cortex Agents bot in Microsoft Teams.
Authentication trigger: The bot’s back end service (the “Client” app) initiates an OAuth 2.0 flow, redirecting the user to the Microsoft Entra ID.
User authentication: The user signs in to their Microsoft account with their corporate credentials, satisfying any MFA or Conditional Access policies enforced by their tenant.
Token issuance: Entra ID provides a short-lived authorization code. The bot’s backend securely exchanges this code for a JWT access token.
API call to Snowflake: The bot back end calls the Snowflake Cortex Agents API, including the access token in the
Authorization: Bearerheader.Snowflake token validation: The Snowflake service receives the request and validates the JWT against the policy defined in the Snowflake security integration object.
Role-Based Access Control¶
Because it uses the Cortex Agents API under a specific user role, the Teams integration executes Cortex Agents requests with the exact privileges of the user’s designated Snowflake role. The agent inherits all existing data governance controls, including:
Role-Based Access Control: The agent can only access databases, schemas, tables, and warehouses that the user’s role permits them to use.
Data masking policies: The agent respects dynamic data masking policies, granting access only when allowed by the user’s role.
Row-Level access policies: The agent enforces row-level security policies.
The agent cannot bypass any existing Snowflake security controls, and users cannot access data that they are not already authorized to see.
Current limitations¶
These limitations apply to the Cortex Agents integration for Microsoft Teams preview release. Snowflake intends to address these in future releases.
- OAuth identity provider must be Entra ID
The integration exclusively supports Microsoft Entra ID as the identity provider for authentication and requires a direct one-to-one mapping between Entra ID users and Snowflake users. Organizations using other IdPs (e.g., Snowflake or Okta) cannot currently use this integration.
- Default user role reliance
The integration’s functionality is tied to each user’s default Snowflake role due to an architectural constraint in the Cortex Agents API, which determines session permissions based on the role context established during authentication. Therefore, the user’s default role must be granted all necessary privileges on the underlying objects for the agent to function correctly. While Snowflake’s SECONDARY ROLES feature can help to broaden data access, the primary execution context is governed by the user’s default role.
- One agent definition per Snowflake account
The integration provides a one-to-one mapping between a Teams integration instance and a single Cortex Agent definition per Snowflake account. You cannot currently expose multiple, distinct agents from a single Snowflake account.
- No multi-turn context
The integration does not currently support multi-turn conversational context. Each query from a Teams user is a discrete, stateless transaction. The agent does not remember the context of previous questions, requiring users to be explicit in each request.
Troubleshooting¶
If you encounter issues with the Cortex Agents integration for Microsoft Teams, check the sections below for possible solutions.
Privilege and access issues¶
The user’s default role must have the required privileges to access the objects used or accessed by the agent. Error messages caused by access issues typically include the phrase “database object does not exist or not authorized.”
Troubleshooting such issues involves checking the following:
The user’s default role is set to a role that has the required privileges.
The user’s default role has the required privileges on the agent’s objects, including the stage containing the agent’s JSON definition and the warehouse assigned to the agent.
Default role setting¶
The first step in troubleshooting access issues is to check the user’s default role setting. To verify this setting, run the DESCRIBE USER command and check the DEFAULT_ROLE property in the output. If the user’s default role is incorrect, change it using the ALTER USER command.
ALTER USER <user_name> SET DEFAULT_ROLE = '<correct_role>';
If changing the user’s primary DEFAULT_ROLE is not feasible, you can use the Snowflake’s secondary roles mechanism. A user can perform actions using the combined privileges of their primary and active secondary roles. This lets you to grant an additional, integration-specific role to the user without altering their primary role.
To add a secondary role for the Cortex Agents integration, use SQL commands like the following. To ensure that you do not remove any secondary roles already assigned to the user, take note of the DEFAULT_SECONDARY_ROLES property in the output of DESCRIBE USER. Include these pre-existing roles when adding the integration-specific role.
DESCRIBE USER <user_name>; -- take note of DEFAULT_SECONDARY_ROLES
GRANT ROLE <integration_specific_role> TO USER <user_name>;
ALTER USER <user_name> SET DEFAULT_SECONDARY_ROLES = ('<pre_existing_role_1>', ....,
'<integration_specific_role>');
Required permissions¶
The user’s default role (or a default secondary role) must possess the privileges described below.
Cortex AI function access via the SNOWFLAKE.CORTEX_USER role. By default, this role is granted to the PUBLIC role, so all users can access Cortex AI functions. If your organization has removed SNOWFLAKE.CORTEX_USER from PUBLIC, you must explicitly grant it to the role that the agent runs under.
If the agent uses the Cortex Analyst tool, the role must also have the following privileges:
USAGE on all databases and schemas referenced in the semantic model
SELECT on all tables and views referenced in the semantic model
READ access on the stage containing the semantic model file(s)
If the agent uses a Cortex Search service, the role must have USAGE on the specific service used.
Security integration issues¶
A Snowflake security integration connects the Microsoft Entra ID tenant to the Snowflake account. The issues in this section are related to the security integration.
Invalid OAuth access token (error code 390303)¶
This error can indicate that one or more property values in the security integration are incorrect, preventing Snowflake from validating the access token received from Entra ID. To rectify this, check the following fields in the security integration. In particular, make sure the tenant ID is correct in the URLs.
EXTERNAL_OAUTH_ISSUER: This must be set to the correct Entra ID issuer URL, which is in the format
https://login.microsoftonline.com/<tenant-id>/v2.0, wheretenant-idis your organization’s Microsoft tenant ID.EXTERNAL_OAUTH_JWS_KEYS_URL: This must be set to the correct JWS keys URL, which is in the format
https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys, wheretenant-idis your organization’s Microsoft tenant ID.EXTERNAL_OAUTH_AUDIENCE_LIST: This must include the correct audience for the Cortex Agents Bot OAuth Resource application, which is the application ID
5a840489-78db-4a42-8772-47be9d833efe.
Update any incorrect values using the ALTER SECURITY INTEGRATION command.
Incorrect username or password (error code 390304)¶
This error message points to a mismatch between the user identifier sent by Entra ID and the corresponding user’s record in Snowflake, usually because the Entra ID does not map exactly one Snowflake user. This can happen when the Snowflake user does not exist (or the mapped UPN or email address is incorrect), or when the mapping resolves to multiple Snowflake users (for example, if the mapping is performed using email address and multiple users share the same address).
The error message includes the UPN and email of the user attempting to log in. Use this information to verify the affected user’s configuration using the DESCRIBE USER command. Make sure the user’s NAME or EMAIL property matches the value of the same property in Entra ID for the corresponding user. If using email address mapping, ensure that the email address is unique across all users in the Snowflake account.
Role not listed in the access token or was filtered out (error code 390317)¶
This error occurs when Snowflake cannot assign a role to the user based on the information in the OAuth access token.
The access token is configured with the session:role-any scope, which allows the user to assume any of their
assigned roles in Snowflake. However, the security integration must be explicitly configured to permit this behavior.
Use the DESCRIBE SECURITY INTEGRATION command to check the value of the EXTERNAL_OAUTH_ANY_ROLE_MODE property, then
change it to ENABLE or ENABLE_FOR_LOGIN.
DESCRIBE SECURITY INTEGRATION entra_id_cortex_agents_integration;
ALTER SECURITY INTEGRATION entra_id_cortex_agents_integration
SET EXTERNAL_OAUTH_ANY_ROLE_MODE = 'ENABLE';
Role specified in the connect string is not granted to this user (error code 390186)¶
This error occurs when Snowflake security integration doesn’t allow the user’s default role to use the security integration.
To resolve this, check the following properties in the output of DESCRIBE SECURITY INTEGRATION:
EXTERNAL_OAUTH_ALLOWED_ROLES_LIST: If the parameter is enabled, verify that it contains the user’s default role.
EXTERNAL_OAUTH_BLOCKED_ROLES_LIST: If the parameter is enabled, verify that it does not contain the user’s default role.